
Need help with malware removal, please.


jobeiii

Hi,

 I've recently been getting huge CPU usage spikes, multiple dllhost.exe processes appearing, and constant "Malicious Website Blocked" messages popping up every few seconds. These messages involve the appsrumors.com, xmlka.com and fff5ee.com domains that I've seen others posting about recently. I ran Malwarebytes Anti-Malware, which detected and removed the threats successfully; however, the issues came back. Attached are the logs from my latest Malwarebytes and FRST scans. Thank you in advance for any help you can provide.


mbam-log-2014-10-31.txt

FRST.txt

Addition.txt


Hi :)

Please post the logs in your replies rather than attaching them, as attachments make my work harder.


Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install the Recovery Console.
  • Do not take any actions while ComboFix goes through your system - it may cause it to stall!
  • This scan may take some time!
  • When finished, it will display a log file (also located on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


Fix with ComboFix

Let's prepare a script for ComboFix that marks some items for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the window that opens, paste the following script:

    Domains::
    Driver::
    X6va017
    File::
    c:\windows\SysWOW64\Drivers\X6va017
  • Go to the File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and that the save location is your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!

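Before a CFScript like the one above can be written, the analyst has to pick its targets out of the FRST log the thread asked for. The following Python is an added example (not FRST's, ComboFix's or the helper's own code): it parses the line grammar FRST prints, flags only the trust markers FRST itself emits, and drafts Driver::/File:: sections in the same layout for a human to prune; the sample lines are copied from the FRST.txt posted further down.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread, not FRST, ComboFix or the helper's own code.
It parses the line grammar FRST prints (Processes, Registry, Services and
Drivers sections), flags only the trust markers FRST itself prints, and drafts
Driver::/File:: CFScript sections in the layout shown above for an analyst to
prune. Every hit is a "look twice", not a verdict: several entries flagged
below are merely unsigned Lenovo components or ComboFix's own driver.
"""
import re
from dataclasses import dataclass, field

# Markers FRST prints verbatim, with why each one matters during triage.
MARKERS = {
    "[File not signed]": "binary carries no Authenticode signature",
    "No File": "entry points at a file that is not on disk",
    "[X]": "service/driver is registered but its file is missing",
    "()": "version resource names no publisher",
}
EMPTY_VENDOR = re.compile(r"\(\)(?:\s|$)")                   # "()" as a field
SERVICE_LINE = re.compile(r"^([RSU]\d)\s+(.+?);\s+(.*)$")    # Services/Drivers
PROCESS_LINE = re.compile(r"^\((.*?)\)\s+([A-Za-z]:\\.+)$")  # Processes
RUN_LINE = re.compile(r"^(HK[A-Za-z0-9\\.\-]+)\\Run: \[(.+?)\] => (.*)$")


@dataclass
class Finding:
    kind: str      # "service", "run", "process" or "other"
    name: str      # service or Run value name; otherwise the image path
    path: str
    markers: list[str] = field(default_factory=list)


def _strip_details(rest: str) -> str:
    """Reduce 'path [size date] (Vendor) [flags]' to the path alone."""
    rest = rest.replace("\\??\\", "", 1)          # NT object-manager prefix
    # Split on " [" rather than " (" so "Program Files (x86)" survives.
    return re.split(r"\s+\[", rest, maxsplit=1)[0].strip()


def markers_for(line: str) -> list[str]:
    """Objective markers only: no reputation lookups, no name heuristics."""
    found = [m for m in MARKERS if m != "()" and m in line]
    if EMPTY_VENDOR.search(line):
        found.append("()")
    return found


def parse(line: str) -> Finding:
    if m := SERVICE_LINE.match(line):
        _state, name, rest = m.groups()
        return Finding("service", name, _strip_details(rest))
    if m := RUN_LINE.match(line):
        _hive, name, rest = m.groups()
        return Finding("run", name, _strip_details(rest))
    if m := PROCESS_LINE.match(line):
        _vendor, path = m.groups()
        return Finding("process", path, path)
    return Finding("other", line, "")


def triage(lines) -> list[Finding]:
    findings = []
    for raw in lines:
        line = raw.strip()
        if line and (markers := markers_for(line)):
            finding = parse(line)
            finding.markers = markers
            findings.append(finding)
    return findings


def draft_cfscript(findings) -> str:
    """Draft Driver::/File:: from flagged Services/Drivers entries.
    [X] entries have no file on disk, so they get Driver:: only; the rest get
    both. The analyst prunes this draft before it goes anywhere near ComboFix.
    """
    drivers = [f.name for f in findings if f.kind == "service"]
    files = [f.path for f in findings
             if f.kind == "service" and "[X]" not in f.markers]
    lines = ["Driver::", *drivers]
    if files:
        lines += ["File::", *files]
    return "\n".join(lines) + "\n"


# Sample input copied from the FRST.txt posted in this thread, plus the signed
# avgfws service line to show that ordinary entries stay quiet.
SAMPLE = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
HKLM\...\Run: [uMonit] => C:\Windows\SysWOW64\UMonit.exe [49152 2011-05-25] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
"""

if __name__ == "__main__":
    found = triage(SAMPLE.splitlines())
    for f in found:
        print(f"{f.kind:8} {f.name:<40} " + "; ".join(MARKERS[m] for m in f.markers))
    print("\n--- CFScript draft (prune before use) ---")
    print(draft_cfscript(found), end="")
```

The draft deliberately keeps everything it flagged, including ComboFix's own catchme driver and Lenovo's unsigned keyboard service, which is exactly why the helper insists on reviewing the script rather than running ComboFix unattended.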

Got the copy/paste function working, sorry again for that. Here are the reports:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014

Ran by Jose (administrator) on JOSE-PC on 01-11-2014 18:20:48

Running from C:\Users\Jose\Desktop

Loaded Profile: Jose (Available profiles: Jose)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Windows\jmesoft\Service.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2011-09-05] (Realtek Semiconductor)

HKLM\...\Run: [uMonit] => C:\Windows\SysWOW64\UMonit.exe [49152 2011-05-25] ()

HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)

HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()

HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [712192 2011-12-20] (Lenovo)

HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)

HKLM-x32\...\Run: [setDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)

HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {91DC63F4-277D-4771-B93A-7FA412A5674E} URL =

SearchScopes: HKCU - DefaultScope {91DC63F4-277D-4771-B93A-7FA412A5674E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN22192977512509919&UM=2

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_enUS498

SearchScopes: HKCU - {91DC63F4-277D-4771-B93A-7FA412A5674E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN22192977512509919&UM=2

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:

=======

CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-06-16]

CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-06-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)

S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-15] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]

R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]

S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [101888 2011-11-07] (Lenovo) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-10] ()

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)

R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-12-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 wsvd; C:\Windows\SysWOW64\DRIVERS\wsvd.sys [121840 2009-07-21] (CyberLink)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 18:20 - 2014-11-01 18:20 - 00000000 ____D () C:\Users\Jose\Desktop\FRST-OlderVersion

2014-11-01 16:35 - 2014-11-01 16:35 - 00026681 _____ () C:\ComboFix.txt

2014-11-01 06:42 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-01 06:42 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-01 06:42 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-01 06:42 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-01 06:42 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-01 06:42 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-01 06:42 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-01 06:42 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-01 06:39 - 2014-11-01 16:35 - 00000000 ____D () C:\Qoobox

2014-11-01 06:39 - 2014-11-01 16:29 - 00000000 ____D () C:\Windows\erdnt

2014-11-01 06:38 - 2014-11-01 06:38 - 05591672 ____R (Swearware) C:\Users\Jose\Desktop\ComboFix.exe

2014-10-31 22:00 - 2014-11-01 18:20 - 00017039 _____ () C:\Users\Jose\Desktop\FRST.txt

2014-10-31 22:00 - 2014-10-31 22:00 - 00039806 _____ () C:\Users\Jose\Desktop\Addition.txt

2014-10-31 20:58 - 2014-11-01 18:20 - 00000000 ____D () C:\FRST

2014-10-31 20:57 - 2014-11-01 18:20 - 02114048 _____ (Farbar) C:\Users\Jose\Desktop\FRST64.exe

2014-10-31 11:39 - 2014-10-31 11:39 - 00007597 _____ () C:\Users\Jose\AppData\Local\Resmon.ResmonCfg

2014-10-31 10:40 - 2014-11-01 16:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-31 10:39 - 2014-10-31 10:39 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-31 10:39 - 2014-10-31 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-31 10:39 - 2014-10-31 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-31 10:39 - 2014-10-31 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-31 10:39 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-31 10:39 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-31 10:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-30 11:12 - 2014-10-31 10:27 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager

2014-10-30 10:44 - 2014-10-30 10:44 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\AVG

2014-10-30 10:43 - 2014-10-30 10:44 - 00000000 ____D () C:\ProgramData\AVG

2014-10-30 10:43 - 2014-10-30 10:43 - 00000000 ____D () C:\Users\Jose\AppData\Local\Avg

2014-10-29 11:41 - 2014-11-01 16:30 - 00002184 _____ () C:\Windows\setupact.log

2014-10-29 11:41 - 2014-10-29 11:41 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-26 03:08 - 2014-10-26 03:08 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\AVG2015

2014-10-26 03:06 - 2014-10-30 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-26 03:06 - 2014-10-26 03:06 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2015.lnk

2014-10-26 03:06 - 2014-10-26 03:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\TuneUp Software

2014-10-26 03:01 - 2014-10-26 03:17 - 00000000 ____D () C:\ProgramData\AVG2015

2014-10-26 03:01 - 2014-10-26 03:01 - 00000000 ____D () C:\$AVG

2014-10-26 03:00 - 2014-10-30 10:44 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-10-26 02:58 - 2014-11-01 18:03 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-26 02:58 - 2014-10-26 03:23 - 00000000 ____D () C:\Users\Jose\AppData\Local\Avg2015

2014-10-26 02:58 - 2014-10-26 02:58 - 00000000 ____D () C:\Users\Jose\AppData\Local\MFAData

2014-10-22 22:10 - 2014-10-16 10:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll

2014-10-22 22:10 - 2014-10-16 10:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll

2014-10-16 02:19 - 2014-10-16 02:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET

2014-10-15 16:11 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-15 16:11 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-15 16:11 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-15 16:11 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 16:11 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-15 16:11 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 16:11 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 16:11 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 16:11 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 16:11 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 16:11 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 16:11 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 16:11 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 16:11 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 16:11 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 16:11 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 16:11 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 16:11 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 16:11 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 16:11 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 16:11 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 16:11 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 16:11 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 16:11 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 16:11 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 16:11 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 16:11 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 16:11 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 16:11 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 16:11 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 16:11 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 16:11 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 16:11 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 16:11 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 16:11 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 16:11 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 16:11 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-15 16:11 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-15 16:11 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 16:11 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-15 16:11 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 16:11 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 16:11 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 16:11 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-15 16:11 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 16:11 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 16:11 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-15 16:11 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 16:11 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 16:11 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 16:11 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-15 16:11 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 16:11 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-15 16:11 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 16:11 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-15 16:11 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 16:11 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 16:11 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 16:11 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 16:11 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 16:11 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 16:10 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 16:10 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 16:10 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 16:10 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 16:10 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 16:10 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 16:10 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 16:10 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 16:10 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-15 16:10 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 16:10 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 16:10 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 16:10 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 16:10 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 16:10 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 16:10 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 16:10 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 16:10 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 16:10 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 16:10 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-10 15:14 - 2014-10-10 15:14 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys

2014-10-07 21:43 - 2014-10-07 21:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2014-10-05 21:41 - 2014-10-05 21:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 18:07 - 2012-08-22 11:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-01 17:57 - 2012-09-14 20:52 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Skype

2014-11-01 17:57 - 2012-08-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-01 16:37 - 2009-07-13 23:13 - 00795818 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-01 16:37 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-01 16:37 - 2009-07-13 22:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-01 16:35 - 2013-12-02 12:09 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0

2014-11-01 16:33 - 2012-07-11 19:44 - 01318605 _____ () C:\Windows\WindowsUpdate.log

2014-11-01 16:31 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini

2014-11-01 16:30 - 2010-11-20 21:47 - 00453242 _____ () C:\Windows\PFRO.log

2014-11-01 16:30 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-01 16:29 - 2009-07-13 20:34 - 66846720 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-11-01 16:29 - 2009-07-13 20:34 - 27000832 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-11-01 16:29 - 2009-07-13 20:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-11-01 16:29 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-11-01 16:29 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-11-01 07:17 - 2009-07-13 21:20 - 00000000 ___HD () C:\Users\Default

2014-11-01 06:39 - 2012-08-22 16:05 - 00000008 _____ () C:\Users\Jose\Documents\lmscfg

2014-11-01 02:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache

2014-10-31 18:26 - 2012-07-11 19:39 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-31 18:26 - 2012-07-11 19:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-10-31 18:25 - 2012-08-23 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-10-31 11:29 - 2014-04-23 20:56 - 00003002 _____ () C:\Windows\System32\Tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F}

2014-10-31 11:29 - 2014-04-23 18:14 - 00003002 _____ () C:\Windows\System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD}

2014-10-31 11:29 - 2012-10-31 09:51 - 00003048 _____ () C:\Windows\System32\Tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B}

2014-10-31 11:29 - 2012-10-31 09:50 - 00003048 _____ () C:\Windows\System32\Tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30}

2014-10-31 03:04 - 2012-07-11 19:41 - 00000000 ____D () C:\Program Files\Google

2014-10-31 03:04 - 2012-07-11 19:41 - 00000000 ____D () C:\Program Files (x86)\Google

2014-10-30 21:48 - 2012-08-22 11:29 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google

2014-10-30 13:45 - 2012-07-11 19:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-30 13:45 - 2012-07-11 19:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-30 13:10 - 2012-07-11 19:41 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-30 13:10 - 2012-07-11 19:41 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-30 11:15 - 2012-07-11 19:40 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-10-30 11:12 - 2013-01-19 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-29 12:01 - 2012-07-11 19:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-10-28 18:15 - 2014-09-18 13:49 - 00000000 ____D () C:\Users\Jose\AppData\Local\Warframe

2014-10-18 04:39 - 2014-09-20 16:30 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-18 04:39 - 2012-09-14 20:52 - 00000000 ____D () C:\ProgramData\Skype

2014-10-16 17:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 08:11 - 2012-07-11 19:35 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2014-10-16 03:10 - 2009-07-13 22:45 - 00276960 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 03:08 - 2014-05-06 05:44 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 02:19 - 2013-08-05 12:14 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 02:17 - 2012-08-22 12:17 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-04 09:05 - 2014-09-01 14:46 - 00000000 ____D () C:\Users\Jose\Tales of Graces F

Files to move or delete:

====================

C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 18:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014

Ran by Jose at 2014-11-01 18:21:09

Running from C:\Users\Jose\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )

Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )

Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version: - Dreampainters)

ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)

Arcania: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)

Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version: - Bohemia Interactive)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)

AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden

Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)

BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Carrier Command: Gaea Mission (HKLM-x32\...\Steam App 65740) (Version: - Bohemia Interactive)

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)

Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)

Defiance (HKLM-x32\...\Glyph Defiance) (Version: - Trion Worlds, Inc.)

DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)

Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)

Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.01.1214 - Lenovo)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)

Dungeon Siege III (HKLM-x32\...\Steam App 39160) (Version: - Obsidian Entertainment)

EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)

EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden

Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)

GameFly Download Manager (HKCU\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)

Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.0.2.3 - Genesys Logic)

Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes )

Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )

Gothic 3 Forsaken Gods Enhanced Edition (HKLM-x32\...\Steam App 65600) (Version: - Trine Studios)

Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version: - Piranha – Bytes)

Grotesque Tactics 2 - Dungeons and Donuts (HKLM-x32\...\Steam App 46570) (Version: - )

Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version: - Raven Software)

HeXen II (HKLM-x32\...\Steam App 9060) (Version: - Raven Software)

HeXen: Beyond Heretic (HKLM-x32\...\Steam App 2360) (Version: - Raven Software)

HeXen: Deathkings of the Dark Citadel (HKLM-x32\...\Steam App 2370) (Version: - Raven Software)

Holy Avatar vs. Maidens of the Dead (HKLM-x32\...\Steam App 261720) (Version: - Headup Games)

Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6008 - CyberLink Corp.)

Lenovo Power2Go (x32 Version: 6.0.6008 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.3609 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.3609 - CyberLink Corp.) Hidden

Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.5.120109 - Lenovo)

Linksys Dual-Band Wireless-N USB Network Adapter (HKLM-x32\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1 - Linksys) Hidden

LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 1.01.0213 - Lenovo)

Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Max Payne (HKLM-x32\...\Steam App 12140) (Version: - Remedy Entertainment)

Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version: - Remedy Entertainment)

Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)

Memento Mori (HKLM-x32\...\Steam App 200490) (Version: - Bohemia Interactive)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)

Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)

Original War (HKLM-x32\...\Steam App 235320) (Version: - Altar Games)

Post Mortem (HKLM-x32\...\Steam App 46550) (Version: - Anuman / Microids)

Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.1226 - Lenovo)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)

resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)

Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version: - Capcom)

Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)

Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - )

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)

Sanctum (HKLM-x32\...\Steam App 91600) (Version: - )

Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - )

Serious Sam 3 Dedicated Server (HKLM-x32\...\Steam App 41080) (Version: - )

Serious Sam 3 Editor (HKLM-x32\...\Steam App 41090) (Version: - )

Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)

Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - )

Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - )

Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version: - Mommy's Best Games)

Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)

Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)

Serious Sam HD: The Second Encounter Editor (HKLM-x32\...\Steam App 41040) (Version: - Croteam)

Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version: - )

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Space Siege (HKLM-x32\...\Space Siege) (Version: 1.0 - Sega)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)

Star Wolves (HKLM-x32\...\Steam App 46270) (Version: - X-Bow Software)

Star Wolves 2 (HKLM-x32\...\Steam App 46280) (Version: - X-Bow Software)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Still Life (HKLM-x32\...\Steam App 46480) (Version: - Anuman / Microids)

Still Life 2 (HKLM-x32\...\Steam App 46490) (Version: - Anuman / Microids)

Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version: - FireFly Studios)

Stronghold Crusader + Extreme (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)

Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios)

Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version: - FireFly Studios)

Tactical Expansion Mod V1.1 (HKCU\...\Tactical Expansion Mod V1.1) (Version: - )

The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Softworks)

The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)

The Witcher 2 Enhanced Edition version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)

ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.111103 - Lenovo)

Torchlight Editor (HKLM-x32\...\Steam App 41520) (Version: - Runic Games, Inc.)

Torchlight II GUTS (HKLM-x32\...\Steam App 223070) (Version: - )

Total War: Shogun 2 - Assembly Kit (HKLM-x32\...\Steam App 202930) (Version: - The Creative Assembly)

Total War: Shogun 2 - TEd (HKLM-x32\...\Steam App 202920) (Version: - The Creative Assembly)

Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)

Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)

Two Worlds II Castle Defense (HKLM-x32\...\Steam App 7530) (Version: - Reality Pump Studios)

Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)

Unreal Gold (HKLM-x32\...\Steam App 13250) (Version: - Epic Games)

Unreal II: The Awakening (HKLM-x32\...\Steam App 13200) (Version: - Epic Games)

Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version: - Epic Games)

Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version: - Epic Games)

Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games)

Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version: - Activision)

ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)

WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-11-2014 03:09:59 Removed AVG PC TuneUp 2015

01-11-2014 03:12:23 Removed AVG PC TuneUp 2015 (en-US)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-01 16:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D2ECCC4-FDAF-4552-896C-F7DC6DAC3E73} - System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {1EB9A3E7-CF17-494A-A13E-B314EA4AD13C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {273F41A6-B894-4E4B-9365-94EC174E07E0} - System32\Tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {2F08A5B7-298C-4DDA-9499-6E1A117F25F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {7EF6C1D6-F377-47BE-8ABC-31BF7ED21A14} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)

Task: {8EDD6E06-94A7-4B5F-84A1-BB3718476AD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {C23B5589-8F8A-4467-BA8A-FC3619647F7E} - System32\Tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {C3654624-6276-495F-A244-86AA901A6FF1} - System32\Tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {E46C56E8-C771-4435-9B33-D33B601A198F} - System32\Tasks\{52D0064F-2888-497D-9753-74566470F1C9} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: {E934E428-C332-4F90-B3AA-7660DE98DD9B} - System32\Tasks\{CF60E642-29CC-437B-93CE-952FFD445245} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-11 19:35 - 2014-09-13 15:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-07-11 19:36 - 2011-12-15 22:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2012-07-11 19:38 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2013-01-06 11:32 - 2013-01-06 11:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-10-16 16:53 - 2014-10-16 16:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2012-07-11 19:36 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-07-11 19:36 - 2011-12-15 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-08-29 05:36 - 2014-08-21 12:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 05:36 - 2014-08-21 12:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 05:36 - 2014-08-21 12:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2013-03-12 17:10 - 2014-10-01 17:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-21 15:49 - 2014-10-21 13:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 05:36 - 2014-08-21 12:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 05:36 - 2014-08-21 12:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2012-08-22 11:44 - 2014-10-21 13:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2012-08-22 11:44 - 2014-09-04 17:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-08-15 06:26 - 2014-09-04 17:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

2014-09-09 17:07 - 2014-09-09 17:07 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2365872097-3908279325-1656206436-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2365872097-3908279325-1656206436-1005 - Limited - Enabled)

Guest (S-1-5-21-2365872097-3908279325-1656206436-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2365872097-3908279325-1656206436-1002 - Limited - Enabled)

Jose (S-1-5-21-2365872097-3908279325-1656206436-1000 - Administrator - Enabled) => C:\Users\Jose

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/01/2014 04:31:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 10:17:32 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/01/2014 06:32:08 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 02:33:46 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2014 09:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6

Exception code: 0xc0000005

Fault offset: 0x000d0914

Faulting process id: 0x392c

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (10/31/2014 09:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6

Exception code: 0xc0000005

Fault offset: 0x00127417

Faulting process id: 0x37d0

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (10/31/2014 09:18:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22

Exception code: 0xc00000fd

Fault offset: 0x00094fbf

Faulting process id: 0x29e0

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (10/31/2014 08:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4eeff65f

Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4eeff65f

Exception code: 0xc0000005

Fault offset: 0x00012767

Faulting process id: 0x12c8

Faulting application start time: 0xLitModeSwitch.exe0

Faulting application path: LitModeSwitch.exe1

Faulting module path: LitModeSwitch.exe2

Report Id: LitModeSwitch.exe3

Error: (10/31/2014 06:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000b01e2

Faulting process id: 0x210c

Faulting application start time: 0xdllhost.exe0

Faulting application path: dllhost.exe1

Faulting module path: dllhost.exe2

Report Id: dllhost.exe3

Error: (10/31/2014 06:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x002601e2

Faulting process id: 0x764

Faulting application start time: 0xdllhost.exe0

Faulting application path: dllhost.exe1

Faulting module path: dllhost.exe2

Report Id: dllhost.exe3

System errors:

=============

Error: (11/01/2014 04:29:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2014 04:29:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2014 04:26:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2014 04:22:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/01/2014 01:17:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/01/2014 01:17:07 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/01/2014 01:17:07 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/01/2014 11:59:40 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/01/2014 07:15:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2014 07:13:41 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:

=========================

Error: (11/01/2014 04:31:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 10:17:32 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\Steam\steamapps\common\still life 2\Splash.exe

Error: (11/01/2014 06:32:08 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 02:33:46 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2014 09:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c0000005000d0914392c01cff584da38061aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWow64\jscript9.dll4a674748-6179-11e4-a501-8c89a5f30f54

Error: (10/31/2014 09:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7jscript9.dll11.0.9600.17344541b85e6c00000050012741737d001cff5835b6dbf0fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWow64\jscript9.dll416124cf-6177-11e4-a501-8c89a5f30f54

Error: (10/31/2014 09:18:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf29e001cff58264577263C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllcd9cc1f6-6175-11e4-a501-8c89a5f30f54

Error: (10/31/2014 08:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: LitModeSwitch.exe4.0.0.9154eeff65fLitModeSwitch.exe4.0.0.9154eeff65fc00000050001276712c801cff52d2e499b3dC:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exeC:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe557e08aa-6172-11e4-a501-8c89a5f30f54

Error: (10/31/2014 06:56:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005000b01e2210c01cff56ebb523fb9C:\Windows\syswow64\dllhost.exeunknownf982b046-6161-11e4-a501-8c89a5f30f54

Error: (10/31/2014 06:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: dllhost.exe6.1.7600.163854a5bc6b7unknown0.0.0.000000000c0000005002601e276401cff56e062d32bbC:\Windows\syswow64\dllhost.exeunknown44484685-6161-11e4-a501-8c89a5f30f54

CodeIntegrity Errors:

===================================

Date: 2014-11-01 07:13:41.681

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-01 07:13:41.651

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz

Percentage of memory in use: 21%

Total physical RAM: 16346.91 MB

Available physical RAM: 12882.67 MB

Total Pagefile: 32691.99 MB

Available Pagefile: 29256.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1837.75 GB) (Free:1158.22 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E0F3F1F9)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1837.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================


Now let's take down the hijackers.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched-off protection software!
Please also manually reboot your machine after this procedure.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin updating its database (if the internet connection is working). Please wait a moment.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


Okay, reports as requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.5 (10.31.2014:1)

OS: Windows 7 Home Premium x64

Ran by Jose on Mon 11/03/2014 at 6:06:42.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91DC63F4-277D-4771-B93A-7FA412A5674E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"

Successfully deleted: [Folder] "C:\Users\Jose\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Jose\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Jose\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 11/03/2014 at 6:08:54.84

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.311 - Report created 03/11/2014 at 06:17:09

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Jose - JOSE-PC

# Running from : C:\Users\Jose\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect

Folder Deleted : C:\Windows\Util

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [1028 octets] - [03/11/2014 06:13:51]

AdwCleaner[s0].txt - [965 octets] - [03/11/2014 06:17:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1024 octets] ##########


Next run.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyclsid;emptyfolderscheck;deleteprocess;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Got it for you:

Zoek.exe v5.0.0.0 Updated 03-November-2014

Tool run by Jose on Mon 11/03/2014 at 7:12:18.01.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jose\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

11/3/2014 7:13:10 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\PROGRA~2\BitTorrent deleted successfully

C:\PROGRA~2\GameFly deleted successfully

C:\PROGRA~2\MeteorEntertainment deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Pando Networks deleted successfully

C:\PROGRA~2\Runic Games deleted successfully

C:\PROGRA~2\ZJMedia deleted successfully

C:\Program Files\Google deleted successfully

C:\PROGRA~3\BioWare deleted successfully

C:\PROGRA~3\DDF626ADdvdcss deleted successfully

C:\PROGRA~3\DVDRanger deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Jose\AppData\Roaming\WinRAR deleted successfully

C:\Users\Jose\AppData\Local\GameSpy deleted successfully

C:\Users\Jose\AppData\Local\Solid State Networks deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully

==== Installed Programs ======================

7-Zip 9.22beta

Adobe AIR

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader XI (11.0.09)

Age of Mythology - The Titans Expansion

Age of Mythology

Anna - Extended Edition

ArcaniA - Gothic 4

Arcania: Fall of Setarrif

Arma 2

Arma: Gold Edition

AVG 2015

Batman™: Arkham Origins

BioShock 2

Borderlands 2

Carrier Command: Gaea Mission

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath

Command & Conquer™ 4 Tiberian Twilight

Command & Conquer™ and The Covert Operations™

Command & Conquer™ Red Alert 2 and Yuri's Revenge

Command & Conquer™ Red Alert, Counterstrike and The Aftermath

Command & Conquer™ Red Alert™ 3 and Uprising

Command & Conquer™ Renegade

Command & Conquer™ The Ultimate Collection Additional Content

Command & Conquer™ Tiberian Sun™ and Firestorm™

Command & Conquer™: Generals and Zero Hour

D3DX10

Defense Grid: The Awakening

Defiance

DefianceRuntimes

Dragon Age II

Driver & Application Installation

Dual-Core Optimizer

Dungeon Siege 2

Dungeon Siege III

EA Shared Game Component: Activation

Enclave

GameFly Download Manager

Genesys USB Mass Storage Device

Glyph

Google Update Helper

Gothic

Gothic 3

Gothic 3 Forsaken Gods Enhanced Edition

Gothic II: Gold Edition

Grotesque Tactics 2 - Dungeons and Donuts

Heretic: Shadow of the Serpent Riders

HeXen II

HeXen: Beyond Heretic

HeXen: Deathkings of the Dark Citadel

Holy Avatar vs. Maidens of the Dead

Hydrophobia: Prophecy

Intel® Control Center

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java 7 Update 65

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Junk Mail filter update

Kingdoms of Amalur: Reckoning

Lenovo Blacksilk USB Keyboard Driver

Lenovo Power2Go

Lenovo PowerDVD10

Lenovo Registration

Lenovo Rescue System

Lenovo Screensaver

Linksys Dual-Band Wireless-N USB Network Adapter

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter

LVT

Magicka

Malwarebytes Anti-Malware version 2.0.3.1025

Max Payne

Max Payne 2: The Fall of Max Payne

Max Payne 3

Memento Mori

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 4 Runtime

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

Microsoft XNA Framework Redistributable 3.1

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

Nexon Launcher

NVIDIA 3D Vision Controller Driver 344.11

NVIDIA Control Panel 344.11

NVIDIA GeForce Experience 2.1.2

NVIDIA GeForce Experience Service

NVIDIA HD Audio Driver 1.3.32.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.14.0702

NVIDIA ShadowPlay 16.13.42

NVIDIA Update 16.13.42

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.25

OpenAL

Origin

Original War

Post Mortem

Power Control Switch

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

resident evil 4 / biohazard 4

Resident Evil Revelations / Biohazard Revelations UE

Risen

Risen 2 - Dark Waters

Rockstar Games Social Club

RPG Maker VX Ace

Sanctum

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Serious Sam 2

Serious Sam 3 Dedicated Server

Serious Sam 3 Editor

Serious Sam 3: BFE

Serious Sam Classic: The First Encounter

Serious Sam Classic: The Second Encounter

Serious Sam Double D

Serious Sam HD: The First Encounter

Serious Sam HD: The Second Encounter

Serious Sam HD: The Second Encounter Editor

Serious Sam: The Random Encounter

SHIELD Streaming

SHIELD Wireless Controller Driver

Skype™ 6.21

Space Siege

Star Wars: Knights of the Old Republic

Star Wars: Knights of the Old Republic II

Star Wolves

Star Wolves 2

Steam

Still Life

Still Life 2

Stronghold 2

Stronghold Crusader + Extreme

Stronghold Crusader Extreme HD

Stronghold Legends

Tactical Expansion Mod V1.1

The Elder Scrolls III: Morrowind

The Elder Scrolls IV: Oblivion

The Witcher 2 Enhanced Edition version 3.0

ThemeWallpaper

Torchlight Editor

Torchlight II GUTS

Total War: Shogun 2 - Assembly Kit

Total War: Shogun 2 - TEd

Total War: SHOGUN 2

Two Worlds II

Two Worlds II Castle Defense

Two Worlds: Epic Edition

Unreal Gold

Unreal II: The Awakening

Unreal Tournament 2004

Unreal Tournament 3: Black Edition

Unreal Tournament: Game of the Year Edition

Vampire: The Masquerade - Bloodlines

ViewSonic Monitor Drivers

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

WestwoodChat

WestwoodOnline

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\jmesoft\Service.exe

C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\SysWOW64\UMonit.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Windows\jmesoft\hotkey.exe

C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe

C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Windows\jmesoft\JME_LOAD.exe

C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\AVG\AVG2015\avgui.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Jose\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================

Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

R2 - [avgfws] - AVG Firewall - "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe"

R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"

R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"

R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"

R2 - [intel® ME Service] - Intel® ME Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

R2 - [LenovoCOMSvc] - LenovoCOMService - "C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe"

R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"

R2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"

R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe

R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

R3 - [LitModeCtrl] - LitModeCtrl - "C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe"

S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"

S2 - [CLKMSVC10_3A60B698] - CyberLink Product - 2013/02/15 10:25:33 - "C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe" /svc

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

S2 - [skypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"

S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe

S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe

S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"

S3 - [iDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V

S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe

S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V

S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"

S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe

S3 - [steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe

S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe

S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"

S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

S4 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

S4 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

S4 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\hash.dat deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Jose\AppData\Local\CrashRpt deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 16347 MB

CPU Info: Intel® Core i7-3770 CPU @ 3.40GHz

CPU Speed: 3343.2 MHz

Sound Card: Speakers (Realtek High Definiti |

Realtek Digital Output (Realtek |

Display Adapters: NVIDIA GeForce GT 545 | NVIDIA GeForce GT 545 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 2x; Generic PnP Monitor | ViewSonic VA2231 Series |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter | Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (E: | ) E: HL-DT-STBD-RE BH30N

Ports: COM2 LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 1837.7GB

Hard Disks - Free: C: 1156.5GB

Manufacturer *: LENOVO

BIOS Info: AT/AT COMPATIBLE | 02/11/12 | LENOVO - 11c

Time Zone: Mountain Standard Time

Motherboard *: LENOVO

Country: United States

Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: AVG Internet Security 2015 disabled (Outdated)

Firewall: AVG Internet Security 2015 disabled

Internet Explorer Version: 11.0.9600.17358

Adobe Reader version: 11.0.9.29

Sun Java version: 1.7.0_65 (32-bit)

Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-11-01 12:42:30 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2014-11-01 12:42:30 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2014-11-01 12:42:30 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2014-11-01 12:42:30 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2014-11-01 12:42:30 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

====== C:\Users\Jose\AppData\Local\Temp ====

2014-11-03 13:06:21 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\libiconv2.dll

2014-11-03 13:06:21 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\libintl3.dll

2014-11-03 13:06:21 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\pcre3.dll

2014-11-03 13:06:21 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\regex2.dll

2014-11-03 13:06:21 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-10-23 04:10:44 75DF6E34521A58BA74A877C8F1087580 1876296 ----a-w- C:\Windows\Sysnative\nvdispco6434448.dll

2014-10-23 04:10:44 3374B9D84B00755881A621491918A0D9 1539272 ----a-w- C:\Windows\Sysnative\nvdispgenco6434448.dll

====== C:\Windows\Sysnative\drivers =====

2014-10-31 16:40:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2014-10-31 16:39:48 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2014-10-31 16:39:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2014-10-31 16:39:47 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2014-10-15 22:10:25 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2014-10-15 22:10:24 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

2014-10-10 21:14:32 0BB7ECAC81554D83A66A0B9F961BB9D0 274200 ----a-w- C:\Windows\Sysnative\drivers\avgtdia.sys

2014-10-08 03:43:06 7F6BE4B64811AFECE52FBAD85E31E378 262424 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys

2014-10-06 03:41:40 B4D589C734D796B5B76E0A0E5DA50397 124184 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys

====== C:\Windows\Tasks ======

2014-10-30 17:12:19 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Reader and Acrobat Manager

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-10-26 09:00:25 -------- d-----w- C:\PROGRA~2\AVG

2014-10-16 08:19:23 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET

======= C: =====

====== C:\Users\Jose\AppData\Roaming ======

2014-11-01 22:35:36 -------- d-----w- C:\Users\Public\AppData\Local\temp

2014-11-01 22:35:36 -------- d-----w- C:\Users\Default\AppData\Local\temp

2014-11-01 22:35:36 -------- d-----w- C:\Users\Default User\AppData\Local\temp

2014-10-31 17:39:09 E9DDC7F882F5FFD8DEEF9B0604CDD7C0 7597 ----a-w- C:\Users\Jose\AppData\Local\Resmon.ResmonCfg

2014-10-30 16:46:48 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG

2014-10-30 16:44:44 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg

2014-10-30 16:44:26 -------- d-----w- C:\Users\Jose\AppData\Roaming\AVG

2014-10-30 16:44:13 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg

2014-10-30 16:43:49 -------- d-----w- C:\Users\Jose\AppData\Local\Avg

2014-10-29 00:17:35 -------- d-----w- C:\Users\Jose\AppData\Local\ElevatedDiagnostics

2014-10-26 09:08:11 -------- d-----w- C:\Users\Jose\AppData\Roaming\AVG2015

2014-10-26 09:06:57 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015

2014-10-26 09:06:42 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015

2014-10-26 09:06:42 -------- d-----w- C:\Users\Jose\AppData\Roaming\TuneUp Software

2014-10-26 09:00:26 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015

2014-10-26 08:58:11 -------- d-----w- C:\Users\Jose\AppData\Local\Avg2015

====== C:\Users\Jose ======

2014-11-03 13:04:31 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Jose\Desktop\AdwCleaner.exe

2014-11-03 13:03:49 057B958D43AE746624F31ACFFEE78542 1706359 ----a-w- C:\Users\Jose\Desktop\JRT.exe

2014-11-01 13:17:50 -------- d-----w- C:\Users\Public\AppData

2014-11-01 02:57:49 F4B463AF154D6236A61A330C24E515D7 2114048 ----a-w- C:\Users\Jose\Desktop\FRST64.exe

2014-10-30 16:43:28 -------- d-----w- C:\ProgramData\AVG

2014-10-26 09:06:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-26 09:01:45 -------- d-----w- C:\ProgramData\AVG2015

2014-10-26 08:58:11 -------- d--h--w- C:\ProgramData\Common Files

====== C: exe-files ==

2014-11-01 00:26:41 5968851C0DA855E9E1360DB6366941E8 412992 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE

2014-11-01 00:26:36 5968851C0DA855E9E1360DB6366941E8 412992 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{62219F2D-B04D-465C-B8C5-1B7697B2F862}\setup.exe

2014-10-30 16:25:32 52B2C1038E4AB6F5647978729B6BBCB3 320528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe

2014-10-27 22:42:37 A11E718E1826586D12EC3B9773241E9E 7139776 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe

=== C: other files ==

2014-11-03 13:06:21 FE5E6EB4D8B571368AACB6E9C1008A22 184846 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\misc.bat

2014-11-03 13:06:21 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\prelim.bat

2014-11-03 13:06:21 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\TDL4.bat

2014-11-03 13:06:21 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\medfos.bat

2014-11-03 13:06:21 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\surfvox.bat

2014-11-03 13:06:21 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\searchlnk.bat

2014-11-03 13:06:21 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\firefox.bat

2014-11-03 13:06:21 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\ev_clear.bat

2014-11-03 13:06:21 5861E8A3DC97D79B42AF736DCE71FAFF 10175 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\runvalues.bat

2014-11-03 13:06:21 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\mws.bat

2014-11-03 13:06:21 4D7B971F66B827BBC423E06892AD3692 14957 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\get.bat

2014-11-03 13:06:21 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\ask.bat

2014-11-03 13:06:21 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\iexplore.bat

2014-11-03 13:06:21 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\delfolders.bat

2014-11-03 13:06:21 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\chrome.bat

2014-10-31 16:40:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-10-31 16:39:48 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-10-31 16:39:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-10-31 16:39:47 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

"jmekey"="C:\Windows\jmesoft\hotkey.exe"

"jmesoft"="C:\Windows\jmesoft\ServiceLoader.exe"

"ModeSwitch"="C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe /AutoRun"

"LVT"="C:\Program Files\Lenovo\LVT\LJYZ.exe 1"

"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot"

"SetDefaultSCR"="C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe"

"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"

"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

"BDRegion"="C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"

"CLMLServer"="C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"

"UpdateP2GoShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"

"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"UMonit"="C:\Windows\SysWOW64\UMonit.exe"

"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/24/2014 09:59 AM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/24/2014 09:59 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F}" [C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE]

"C:\Windows\SysNative\tasks\{52D0064F-2888-497D-9753-74566470F1C9}" [C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe]

"C:\Windows\SysNative\tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B}" [C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe]

"C:\Windows\SysNative\tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30}" [C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe]

"C:\Windows\SysNative\tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD}" [C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE]

"C:\Windows\SysNative\tasks\{CF60E642-29CC-437B-93CE-952FFD445245}" [C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_enUS498"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=18 14102046 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Jose\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Jose\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 11/03/2014 at 7:28:29.68 ======================

OK, we have removed plenty of crap. Fresh reports please :)

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Sure thing, here you go:

Zoek.exe v5.0.0.0 Updated 03-November-2014

Tool run by Jose on Mon 11/03/2014 at 7:12:18.01.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jose\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

11/3/2014 7:13:10 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\PROGRA~2\BitTorrent deleted successfully

C:\PROGRA~2\GameFly deleted successfully

C:\PROGRA~2\MeteorEntertainment deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Pando Networks deleted successfully

C:\PROGRA~2\Runic Games deleted successfully

C:\PROGRA~2\ZJMedia deleted successfully

C:\Program Files\Google deleted successfully

C:\PROGRA~3\BioWare deleted successfully

C:\PROGRA~3\DDF626ADdvdcss deleted successfully

C:\PROGRA~3\DVDRanger deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Jose\AppData\Roaming\WinRAR deleted successfully

C:\Users\Jose\AppData\Local\GameSpy deleted successfully

C:\Users\Jose\AppData\Local\Solid State Networks deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully

==== Installed Programs ======================

7-Zip 9.22beta

Adobe AIR

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader XI (11.0.09)

Age of Mythology - The Titans Expansion

Age of Mythology

Anna - Extended Edition

ArcaniA - Gothic 4

Arcania: Fall of Setarrif

Arma 2

Arma: Gold Edition

AVG 2015

Batman™: Arkham Origins

BioShock 2

Borderlands 2

Carrier Command: Gaea Mission

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath

Command & Conquer™ 4 Tiberian Twilight

Command & Conquer™ and The Covert Operations™

Command & Conquer™ Red Alert 2 and Yuri's Revenge

Command & Conquer™ Red Alert, Counterstrike and The Aftermath

Command & Conquer™ Red Alert™ 3 and Uprising

Command & Conquer™ Renegade

Command & Conquer™ The Ultimate Collection Additional Content

Command & Conquer™ Tiberian Sun™ and Firestorm™

Command & Conquer™: Generals and Zero Hour

D3DX10

Defense Grid: The Awakening

Defiance

DefianceRuntimes

Dragon Age II

Driver & Application Installation

Dual-Core Optimizer

Dungeon Siege 2

Dungeon Siege III

EA Shared Game Component: Activation

Enclave

GameFly Download Manager

Genesys USB Mass Storage Device

Glyph

Google Update Helper

Gothic

Gothic 3

Gothic 3 Forsaken Gods Enhanced Edition

Gothic II: Gold Edition

Grotesque Tactics 2 - Dungeons and Donuts

Heretic: Shadow of the Serpent Riders

HeXen II

HeXen: Beyond Heretic

HeXen: Deathkings of the Dark Citadel

Holy Avatar vs. Maidens of the Dead

Hydrophobia: Prophecy

Intel® Control Center

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java 7 Update 65

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Junk Mail filter update

Kingdoms of Amalur: Reckoning

Lenovo Blacksilk USB Keyboard Driver

Lenovo Power2Go

Lenovo PowerDVD10

Lenovo Registration

Lenovo Rescue System

Lenovo Screensaver

Linksys Dual-Band Wireless-N USB Network Adapter

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter

LVT

Magicka

Malwarebytes Anti-Malware version 2.0.3.1025

Max Payne

Max Payne 2: The Fall of Max Payne

Max Payne 3

Memento Mori

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 4 Runtime

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610

Microsoft XNA Framework Redistributable 3.1

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

Nexon Launcher

NVIDIA 3D Vision Controller Driver 344.11

NVIDIA Control Panel 344.11

NVIDIA GeForce Experience 2.1.2

NVIDIA GeForce Experience Service

NVIDIA HD Audio Driver 1.3.32.1

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.14.0702

NVIDIA ShadowPlay 16.13.42

NVIDIA Update 16.13.42

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.25

OpenAL

Origin

Original War

Post Mortem

Power Control Switch

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

resident evil 4 / biohazard 4

Resident Evil Revelations / Biohazard Revelations UE

Risen

Risen 2 - Dark Waters

Rockstar Games Social Club

RPG Maker VX Ace

Sanctum

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Serious Sam 2

Serious Sam 3 Dedicated Server

Serious Sam 3 Editor

Serious Sam 3: BFE

Serious Sam Classic: The First Encounter

Serious Sam Classic: The Second Encounter

Serious Sam Double D

Serious Sam HD: The First Encounter

Serious Sam HD: The Second Encounter

Serious Sam HD: The Second Encounter Editor

Serious Sam: The Random Encounter

SHIELD Streaming

SHIELD Wireless Controller Driver

Skype™ 6.21

Space Siege

Star Wars: Knights of the Old Republic

Star Wars: Knights of the Old Republic II

Star Wolves

Star Wolves 2

Steam

Still Life

Still Life 2

Stronghold 2

Stronghold Crusader + Extreme

Stronghold Crusader Extreme HD

Stronghold Legends

Tactical Expansion Mod V1.1

The Elder Scrolls III: Morrowind

The Elder Scrolls IV: Oblivion

The Witcher 2 Enhanced Edition version 3.0

ThemeWallpaper

Torchlight Editor

Torchlight II GUTS

Total War: Shogun 2 - Assembly Kit

Total War: Shogun 2 - TEd

Total War: SHOGUN 2

Two Worlds II

Two Worlds II Castle Defense

Two Worlds: Epic Edition

Unreal Gold

Unreal II: The Awakening

Unreal Tournament 2004

Unreal Tournament 3: Black Edition

Unreal Tournament: Game of the Year Edition

Vampire: The Masquerade - Bloodlines

ViewSonic Monitor Drivers

Visual Studio 2012 x64 Redistributables

Visual Studio 2012 x86 Redistributables

WestwoodChat

WestwoodOnline

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\jmesoft\Service.exe

C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\SysWOW64\UMonit.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Windows\jmesoft\hotkey.exe

C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe

C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Windows\jmesoft\JME_LOAD.exe

C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\AVG\AVG2015\avgui.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Jose\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================

Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

R2 - [avgfws] - AVG Firewall - "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe"

R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"

R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"

R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"

R2 - [intel® ME Service] - Intel® ME Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

R2 - [LenovoCOMSvc] - LenovoCOMService - "C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe"

R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"

R2 - [NvNetworkService] - NVIDIA Network Service - "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"

R2 - [NvStreamSvc] - NVIDIA Streamer Service - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

R2 - [nvsvc] - NVIDIA Display Driver Service - "C:\Windows\system32\nvvsvc.exe"

R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe

R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

R3 - [LitModeCtrl] - LitModeCtrl - "C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe"

S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"

S2 - [CLKMSVC10_3A60B698] - CyberLink Product - 2013/02/15 10:25:33 - "C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe" /svc

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

S2 - [skypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"

S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe

S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe

S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"

S3 - [iDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V

S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe

S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V

S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"

S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe

S3 - [steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe

S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe

S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"

S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

S4 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

S4 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

S4 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\hash.dat deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Jose\AppData\Local\CrashRpt deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 16347 MB

CPU Info: Intel® Core i7-3770 CPU @ 3.40GHz

CPU Speed: 3343.2 MHz

Sound Card: Speakers (Realtek High Definiti |

Realtek Digital Output (Realtek |

Display Adapters: NVIDIA GeForce GT 545 | NVIDIA GeForce GT 545 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 2x; Generic PnP Monitor | ViewSonic VA2231 Series |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter | Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (E: | ) E: HL-DT-STBD-RE BH30N

Ports: COM2 LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 1837.7GB

Hard Disks - Free: C: 1156.5GB

Manufacturer *: LENOVO

BIOS Info: AT/AT COMPATIBLE | 02/11/12 | LENOVO - 11c

Time Zone: Mountain Standard Time

Motherboard *: LENOVO

Country: United States

Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: AVG Internet Security 2015 disabled (Outdated)

Firewall: AVG Internet Security 2015 disabled

Internet Explorer Version: 11.0.9600.17358

Adobe Reader version: 11.0.9.29

Sun Java version: 1.7.0_65 (32-bit)

Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-11-01 12:42:30 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2014-11-01 12:42:30 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2014-11-01 12:42:30 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2014-11-01 12:42:30 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2014-11-01 12:42:30 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

====== C:\Users\Jose\AppData\Local\Temp ====

2014-11-03 13:06:21 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\libiconv2.dll

2014-11-03 13:06:21 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\libintl3.dll

2014-11-03 13:06:21 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\pcre3.dll

2014-11-03 13:06:21 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\regex2.dll

2014-11-03 13:06:21 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-10-23 04:10:44 75DF6E34521A58BA74A877C8F1087580 1876296 ----a-w- C:\Windows\Sysnative\nvdispco6434448.dll

2014-10-23 04:10:44 3374B9D84B00755881A621491918A0D9 1539272 ----a-w- C:\Windows\Sysnative\nvdispgenco6434448.dll

====== C:\Windows\Sysnative\drivers =====

2014-10-31 16:40:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2014-10-31 16:39:48 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2014-10-31 16:39:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2014-10-31 16:39:47 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2014-10-15 22:10:25 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2014-10-15 22:10:24 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

2014-10-10 21:14:32 0BB7ECAC81554D83A66A0B9F961BB9D0 274200 ----a-w- C:\Windows\Sysnative\drivers\avgtdia.sys

2014-10-08 03:43:06 7F6BE4B64811AFECE52FBAD85E31E378 262424 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys

2014-10-06 03:41:40 B4D589C734D796B5B76E0A0E5DA50397 124184 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys

====== C:\Windows\Tasks ======

2014-10-30 17:12:19 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Reader and Acrobat Manager

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-10-26 09:00:25 -------- d-----w- C:\PROGRA~2\AVG

2014-10-16 08:19:23 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET

======= C: =====

====== C:\Users\Jose\AppData\Roaming ======

2014-11-01 22:35:36 -------- d-----w- C:\Users\Public\AppData\Local\temp

2014-11-01 22:35:36 -------- d-----w- C:\Users\Default\AppData\Local\temp

2014-11-01 22:35:36 -------- d-----w- C:\Users\Default User\AppData\Local\temp

2014-10-31 17:39:09 E9DDC7F882F5FFD8DEEF9B0604CDD7C0 7597 ----a-w- C:\Users\Jose\AppData\Local\Resmon.ResmonCfg

2014-10-30 16:46:48 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG

2014-10-30 16:44:44 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg

2014-10-30 16:44:26 -------- d-----w- C:\Users\Jose\AppData\Roaming\AVG

2014-10-30 16:44:13 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg

2014-10-30 16:43:49 -------- d-----w- C:\Users\Jose\AppData\Local\Avg

2014-10-29 00:17:35 -------- d-----w- C:\Users\Jose\AppData\Local\ElevatedDiagnostics

2014-10-26 09:08:11 -------- d-----w- C:\Users\Jose\AppData\Roaming\AVG2015

2014-10-26 09:06:57 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015

2014-10-26 09:06:42 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015

2014-10-26 09:06:42 -------- d-----w- C:\Users\Jose\AppData\Roaming\TuneUp Software

2014-10-26 09:00:26 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015

2014-10-26 08:58:11 -------- d-----w- C:\Users\Jose\AppData\Local\Avg2015

====== C:\Users\Jose ======

2014-11-03 13:04:31 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Jose\Desktop\AdwCleaner.exe

2014-11-03 13:03:49 057B958D43AE746624F31ACFFEE78542 1706359 ----a-w- C:\Users\Jose\Desktop\JRT.exe

2014-11-01 13:17:50 -------- d-----w- C:\Users\Public\AppData

2014-11-01 02:57:49 F4B463AF154D6236A61A330C24E515D7 2114048 ----a-w- C:\Users\Jose\Desktop\FRST64.exe

2014-10-30 16:43:28 -------- d-----w- C:\ProgramData\AVG

2014-10-26 09:06:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-26 09:01:45 -------- d-----w- C:\ProgramData\AVG2015

2014-10-26 08:58:11 -------- d--h--w- C:\ProgramData\Common Files

====== C: exe-files ==

2014-11-01 00:26:41 5968851C0DA855E9E1360DB6366941E8 412992 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE

2014-11-01 00:26:36 5968851C0DA855E9E1360DB6366941E8 412992 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{62219F2D-B04D-465C-B8C5-1B7697B2F862}\setup.exe

2014-10-30 16:25:32 52B2C1038E4AB6F5647978729B6BBCB3 320528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe

2014-10-27 22:42:37 A11E718E1826586D12EC3B9773241E9E 7139776 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe

=== C: other files ==

2014-11-03 13:06:21 FE5E6EB4D8B571368AACB6E9C1008A22 184846 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\misc.bat

2014-11-03 13:06:21 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\prelim.bat

2014-11-03 13:06:21 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\TDL4.bat

2014-11-03 13:06:21 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\medfos.bat

2014-11-03 13:06:21 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\surfvox.bat

2014-11-03 13:06:21 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\searchlnk.bat

2014-11-03 13:06:21 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\firefox.bat

2014-11-03 13:06:21 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\ev_clear.bat

2014-11-03 13:06:21 5861E8A3DC97D79B42AF736DCE71FAFF 10175 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\runvalues.bat

2014-11-03 13:06:21 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\mws.bat

2014-11-03 13:06:21 4D7B971F66B827BBC423E06892AD3692 14957 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\get.bat

2014-11-03 13:06:21 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\ask.bat

2014-11-03 13:06:21 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\iexplore.bat

2014-11-03 13:06:21 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\delfolders.bat

2014-11-03 13:06:21 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Jose\AppData\Local\Temp\jrt\chrome.bat

2014-10-31 16:40:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-10-31 16:39:48 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-10-31 16:39:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-10-31 16:39:47 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2365872097-3908279325-1656206436-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

"jmekey"="C:\Windows\jmesoft\hotkey.exe"

"jmesoft"="C:\Windows\jmesoft\ServiceLoader.exe"

"ModeSwitch"="C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe /AutoRun"

"LVT"="C:\Program Files\Lenovo\LVT\LJYZ.exe 1"

"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot"

"SetDefaultSCR"="C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe"

"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"

"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

"BDRegion"="C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"

"CLMLServer"="C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"

"UpdateP2GoShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"

"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"UMonit"="C:\Windows\SysWOW64\UMonit.exe"

"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/24/2014 09:59 AM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/24/2014 09:59 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F}" [C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE]

"C:\Windows\SysNative\tasks\{52D0064F-2888-497D-9753-74566470F1C9}" [C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe]

"C:\Windows\SysNative\tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B}" [C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe]

"C:\Windows\SysNative\tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30}" [C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe]

"C:\Windows\SysNative\tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD}" [C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE]

"C:\Windows\SysNative\tasks\{CF60E642-29CC-437B-93CE-952FFD445245}" [C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

oajgghejjpgkmpgbchgjieahoefimdle - C:\Users\Jose\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_enUS498"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=18 14102046 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Jose\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Jose\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 11/03/2014 at 7:28:29.68 ======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014

Ran by Jose at 2014-11-03 13:28:17

Running from C:\Users\Jose\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )

Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )

Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version: - Dreampainters)

ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)

Arcania: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)

Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version: - Bohemia Interactive)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)

AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden

Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)

BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Carrier Command: Gaea Mission (HKLM-x32\...\Steam App 65740) (Version: - Bohemia Interactive)

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)

Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)

Defiance (HKLM-x32\...\Glyph Defiance) (Version: - Trion Worlds, Inc.)

DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)

Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)

Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.01.1214 - Lenovo)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)

Dungeon Siege III (HKLM-x32\...\Steam App 39160) (Version: - Obsidian Entertainment)

EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)

EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden

Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)

GameFly Download Manager (HKCU\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)

Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.0.2.3 - Genesys Logic)

Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes )

Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )

Gothic 3 Forsaken Gods Enhanced Edition (HKLM-x32\...\Steam App 65600) (Version: - Trine Studios)

Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version: - Piranha – Bytes)

Grotesque Tactics 2 - Dungeons and Donuts (HKLM-x32\...\Steam App 46570) (Version: - )

Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version: - Raven Software)

HeXen II (HKLM-x32\...\Steam App 9060) (Version: - Raven Software)

HeXen: Beyond Heretic (HKLM-x32\...\Steam App 2360) (Version: - Raven Software)

HeXen: Deathkings of the Dark Citadel (HKLM-x32\...\Steam App 2370) (Version: - Raven Software)

Holy Avatar vs. Maidens of the Dead (HKLM-x32\...\Steam App 261720) (Version: - Headup Games)

Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6008 - CyberLink Corp.)

Lenovo Power2Go (x32 Version: 6.0.6008 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.3609 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.3609 - CyberLink Corp.) Hidden

Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.5.120109 - Lenovo)

Linksys Dual-Band Wireless-N USB Network Adapter (HKLM-x32\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1 - Linksys) Hidden

LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 1.01.0213 - Lenovo)

Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Max Payne (HKLM-x32\...\Steam App 12140) (Version: - Remedy Entertainment)

Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version: - Remedy Entertainment)

Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)

Memento Mori (HKLM-x32\...\Steam App 200490) (Version: - Bohemia Interactive)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)

Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)

Original War (HKLM-x32\...\Steam App 235320) (Version: - Altar Games)

Post Mortem (HKLM-x32\...\Steam App 46550) (Version: - Anuman / Microids)

Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.1226 - Lenovo)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)

resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)

Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version: - Capcom)

Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)

Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - )

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)

Sanctum (HKLM-x32\...\Steam App 91600) (Version: - )

Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - )

Serious Sam 3 Dedicated Server (HKLM-x32\...\Steam App 41080) (Version: - )

Serious Sam 3 Editor (HKLM-x32\...\Steam App 41090) (Version: - )

Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)

Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - )

Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - )

Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version: - Mommy's Best Games)

Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)

Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)

Serious Sam HD: The Second Encounter Editor (HKLM-x32\...\Steam App 41040) (Version: - Croteam)

Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version: - )

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Space Siege (HKLM-x32\...\Space Siege) (Version: 1.0 - Sega)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)

Star Wolves (HKLM-x32\...\Steam App 46270) (Version: - X-Bow Software)

Star Wolves 2 (HKLM-x32\...\Steam App 46280) (Version: - X-Bow Software)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Still Life (HKLM-x32\...\Steam App 46480) (Version: - Anuman / Microids)

Still Life 2 (HKLM-x32\...\Steam App 46490) (Version: - Anuman / Microids)

Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version: - FireFly Studios)

Stronghold Crusader + Extreme (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)

Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios)

Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version: - FireFly Studios)

Tactical Expansion Mod V1.1 (HKCU\...\Tactical Expansion Mod V1.1) (Version: - )

The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Softworks)

The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)

The Witcher 2 Enhanced Edition version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)

ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.111103 - Lenovo)

Torchlight Editor (HKLM-x32\...\Steam App 41520) (Version: - Runic Games, Inc.)

Torchlight II GUTS (HKLM-x32\...\Steam App 223070) (Version: - )

Total War: Shogun 2 - Assembly Kit (HKLM-x32\...\Steam App 202930) (Version: - The Creative Assembly)

Total War: Shogun 2 - TEd (HKLM-x32\...\Steam App 202920) (Version: - The Creative Assembly)

Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)

Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)

Two Worlds II Castle Defense (HKLM-x32\...\Steam App 7530) (Version: - Reality Pump Studios)

Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)

Unreal Gold (HKLM-x32\...\Steam App 13250) (Version: - Epic Games)

Unreal II: The Awakening (HKLM-x32\...\Steam App 13200) (Version: - Epic Games)

Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version: - Epic Games)

Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version: - Epic Games)

Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games)

Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version: - Activision)

ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)

WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-11-2014 03:09:59 Removed AVG PC TuneUp 2015

01-11-2014 03:12:23 Removed AVG PC TuneUp 2015 (en-US)

03-11-2014 13:30:01 Windows Update

03-11-2014 14:13:05 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-01 15:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D2ECCC4-FDAF-4552-896C-F7DC6DAC3E73} - System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {1EB9A3E7-CF17-494A-A13E-B314EA4AD13C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {273F41A6-B894-4E4B-9365-94EC174E07E0} - System32\Tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {2F08A5B7-298C-4DDA-9499-6E1A117F25F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {7EF6C1D6-F377-47BE-8ABC-31BF7ED21A14} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)

Task: {8EDD6E06-94A7-4B5F-84A1-BB3718476AD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {C23B5589-8F8A-4467-BA8A-FC3619647F7E} - System32\Tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {C3654624-6276-495F-A244-86AA901A6FF1} - System32\Tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {E46C56E8-C771-4435-9B33-D33B601A198F} - System32\Tasks\{52D0064F-2888-497D-9753-74566470F1C9} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: {E934E428-C332-4F90-B3AA-7660DE98DD9B} - System32\Tasks\{CF60E642-29CC-437B-93CE-952FFD445245} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-11 18:35 - 2014-09-13 14:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-07-11 18:36 - 2011-12-15 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2012-07-11 18:38 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2013-01-06 10:32 - 2013-01-06 10:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-11 18:38 - 2011-05-25 05:09 - 00049152 _____ () C:\Windows\SysWOW64\UMonit.exe

2012-07-11 18:38 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2014-08-29 04:36 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2013-03-12 16:10 - 2014-10-01 16:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-21 14:49 - 2014-10-21 12:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2012-08-22 10:44 - 2014-10-21 12:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2009-12-04 15:59 - 2009-12-04 15:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll

2009-12-04 16:04 - 2009-12-04 16:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

2012-07-11 18:38 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

2012-08-22 10:44 - 2014-09-04 16:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-10-16 15:53 - 2014-10-16 15:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2012-07-11 18:36 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-07-11 18:36 - 2011-12-15 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2365872097-3908279325-1656206436-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2365872097-3908279325-1656206436-1005 - Limited - Enabled)

Guest (S-1-5-21-2365872097-3908279325-1656206436-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2365872097-3908279325-1656206436-1002 - Limited - Enabled)

Jose (S-1-5-21-2365872097-3908279325-1656206436-1000 - Administrator - Enabled) => C:\Users\Jose

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/03/2014 07:29:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:20:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:12:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (11/03/2014 01:16:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 01:16:13 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:38:59 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:01:37 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:01:29 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 08:37:10 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 07:20:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:

=========================

Error: (11/03/2014 07:29:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:20:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:12:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:

===================================

Date: 2014-11-01 07:13:41.681

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-01 07:13:41.651

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz

Percentage of memory in use: 20%

Total physical RAM: 16346.91 MB

Available physical RAM: 12969.35 MB

Total Pagefile: 32691.99 MB

Available Pagefile: 29344.21 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1837.75 GB) (Free:1156.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E0F3F1F9)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1837.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================

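The log above is meant to be read by eye, which is slow for several hundred entries. As an added example that is not part of this thread or of FRST itself, here is a small Python triage script that parses the line formats FRST uses in its Processes, Loaded Modules and Scheduled Tasks sections and flags what an analyst would look at first: entries where FRST printed an empty `()` because the file carries no company name in its version info, executables running from outside Program Files, System32 or SysWOW64, and scheduled tasks whose name is a bare GUID. The sample lines are copied from the log above; the three heuristics and the directory allow-list are assumptions made for this example, not FRST rules.

```python
r"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example; not code from the forum thread or from FRST itself.
It understands three line formats that appear in the log:
  Processes:       (Publisher) C:\path\file.exe
  Loaded Modules:  YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - size attrs (Publisher) C:\path\file.dll
  Scheduled Tasks: Task: {GUID} - System32\Tasks\Name => C:\path\file.exe [date] (Publisher)
and flags what an analyst would check first.  The flag heuristics and the
directory allow-list below are assumptions for this example, not FRST rules.
"""
import re
from dataclasses import dataclass

# Directories where a legitimately installed image is expected to live; anything
# executable elsewhere (e.g. C:\Windows\jmesoft\) gets a closer look.
STANDARD_DIRS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "(Publisher) C:\path\file.exe", optionally preceded by the
# "created - modified - size attrs" prefix used in the Loaded Modules section.
IMAGE_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ )?"
    r"\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys))\s*$",
    re.IGNORECASE,
)

# "Task: {id} - System32\Tasks\Name => C:\path\file.exe [date] (Publisher)";
# the date and the publisher are optional, as they are in the log.
TASK_RE = re.compile(
    r"^Task:\s+" + GUID + r"\s+-\s+(?P<name>.+?)\s+=>\s+"
    r"(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s+\[[0-9-]+\])?(?:\s+\((?P<publisher>[^)]*)\))?\s*$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str        # "image" (process or loaded module) or "task"
    path: str
    publisher: str   # "" when FRST printed an empty "()"
    reasons: list


def _in_standard_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(d) for d in STANDARD_DIRS)


def _task_name_is_guid(name: str) -> bool:
    # e.g. System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD}
    return re.fullmatch(r".*\\" + GUID, name) is not None


def triage_line(line: str):
    """Return a Finding for one FRST line, or None if nothing stands out."""
    m = TASK_RE.match(line)
    if m:
        kind, name = "task", m.group("name")
    else:
        m = IMAGE_RE.match(line)
        if not m:
            return None   # a line format this helper does not parse
        kind, name = "image", ""
    path = m.group("path")
    publisher = (m.group("publisher") or "").strip()
    reasons = []
    if not publisher:
        reasons.append("no company name in version info (FRST printed '()')")
    if not _in_standard_dir(path):
        reasons.append("runs from outside Program Files / System32 / SysWOW64")
    if kind == "task" and _task_name_is_guid(name):
        reasons.append("task named with a bare GUID; find out what created it")
    return Finding(kind, path, publisher, reasons) if reasons else None


def triage(text: str):
    """Run triage_line over a whole FRST log, or over a pasted section of it."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Sample input copied from the log posted above (a few representative lines).
SAMPLE = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
() C:\Windows\jmesoft\Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
2012-07-11 18:38 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
Task: {1D2ECCC4-FDAF-4552-896C-F7DC6DAC3E73} - System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)
Task: {2F08A5B7-298C-4DDA-9499-6E1A117F25F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {E46C56E8-C771-4435-9B33-D33B601A198F} - System32\Tasks\{52D0064F-2888-497D-9753-74566470F1C9} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.path}  publisher={f.publisher!r}")
        for r in f.reasons:
            print(f"    - {r}")
```

A hit is a prompt to verify, not a verdict. The log itself lists `(Lenovo) C:\Windows\jmesoft\hotkey.exe` in the same directory as the unsigned `Service.exe`, and the installed-programs list includes a Lenovo keyboard driver, so the jmesoft entries are plausibly vendor software rather than malware; likewise the GUID-named tasks all point at Steam and EA game executables. Check the flagged files' digital signatures and hashes before asking for them to be removed.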

Oops, pasted wrong file in first part. Here's the proper FRST reports. Sorry!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014

Ran by Jose (administrator) on JOSE-PC on 03-11-2014 13:27:37

Running from C:\Users\Jose\Desktop

Loaded Profile: Jose (Available profiles: Jose)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Windows\jmesoft\Service.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Windows\SysWOW64\UMonit.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Lenovo) C:\Windows\jmesoft\hotkey.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

() C:\Windows\jmesoft\JME_LOAD.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2011-09-05] (Realtek Semiconductor)

HKLM\...\Run: [uMonit] => C:\Windows\SysWOW64\UMonit.exe [49152 2011-05-25] ()

HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)

HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()

HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [712192 2011-12-20] (Lenovo)

HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)

HKLM-x32\...\Run: [setDefaultSCR] => C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)

HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)

HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND_enUS498

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:

=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-10-16] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)

S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-15] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]

R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]

R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [101888 2011-11-07] (Lenovo) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-10] ()

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)

R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-17] (GenesysLogic)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-12-10] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 wsvd; C:\Windows\SysWOW64\DRIVERS\wsvd.sys [121840 2009-07-21] (CyberLink)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 07:29 - 2014-11-03 07:29 - 00036154 _____ () C:\Users\Jose\Desktop\zoek-results.txt

2014-11-03 07:26 - 2014-11-03 07:12 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-11-03 07:13 - 2014-11-03 07:28 - 00036154 _____ () C:\zoek-results.log

2014-11-03 07:12 - 2014-11-03 07:20 - 00000000 ____D () C:\zoek_backup

2014-11-03 07:10 - 2014-11-03 07:10 - 01292800 _____ () C:\Users\Jose\Desktop\zoek.exe

2014-11-03 06:19 - 2014-11-03 06:19 - 00001104 _____ () C:\Users\Jose\Desktop\AdwCleaner[s0].txt

2014-11-03 06:13 - 2014-11-03 06:17 - 00000000 ____D () C:\AdwCleaner

2014-11-03 06:08 - 2014-11-03 06:08 - 00001112 _____ () C:\Users\Jose\Desktop\JRT.txt

2014-11-03 06:06 - 2014-11-03 06:06 - 00000000 ____D () C:\Windows\ERUNT

2014-11-03 06:04 - 2014-11-03 06:04 - 01375089 _____ () C:\Users\Jose\Desktop\AdwCleaner.exe

2014-11-03 06:03 - 2014-11-03 06:03 - 01706359 _____ (Thisisu) C:\Users\Jose\Desktop\JRT.exe

2014-11-01 17:28 - 2014-11-01 17:28 - 00039294 _____ () C:\Users\Jose\Desktop\Addition(2nd).txt

2014-11-01 17:28 - 2014-11-01 17:28 - 00037279 _____ () C:\Users\Jose\Desktop\FRST(2nd).txt

2014-11-01 17:20 - 2014-11-03 13:27 - 00000000 ____D () C:\Users\Jose\Desktop\FRST-OlderVersion

2014-11-01 15:35 - 2014-11-01 15:35 - 00026681 _____ () C:\ComboFix.txt

2014-11-01 05:42 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-01 05:42 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-01 05:42 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-01 05:42 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-01 05:42 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-01 05:42 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-01 05:42 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-01 05:42 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-01 05:39 - 2014-11-01 15:35 - 00000000 ____D () C:\Qoobox

2014-11-01 05:39 - 2014-11-01 15:29 - 00000000 ____D () C:\Windows\erdnt

2014-11-01 05:38 - 2014-11-01 05:38 - 05591672 ____R (Swearware) C:\Users\Jose\Desktop\ComboFix.exe

2014-10-31 21:00 - 2014-11-03 13:28 - 00017053 _____ () C:\Users\Jose\Desktop\FRST.txt

2014-10-31 21:00 - 2014-11-01 17:21 - 00039294 _____ () C:\Users\Jose\Desktop\Addition.txt

2014-10-31 19:58 - 2014-11-03 13:27 - 00000000 ____D () C:\FRST

2014-10-31 19:57 - 2014-11-03 13:27 - 02114560 _____ (Farbar) C:\Users\Jose\Desktop\FRST64.exe

2014-10-31 10:39 - 2014-10-31 10:39 - 00007597 _____ () C:\Users\Jose\AppData\Local\Resmon.ResmonCfg

2014-10-31 09:40 - 2014-11-03 08:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-31 09:39 - 2014-10-31 09:39 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-31 09:39 - 2014-10-31 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-31 09:39 - 2014-10-31 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-31 09:39 - 2014-10-31 09:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-31 09:39 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-31 09:39 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-31 09:39 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-30 10:12 - 2014-10-31 09:27 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager

2014-10-30 09:44 - 2014-10-30 09:44 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\AVG

2014-10-30 09:43 - 2014-10-30 09:44 - 00000000 ____D () C:\ProgramData\AVG

2014-10-30 09:43 - 2014-10-30 09:43 - 00000000 ____D () C:\Users\Jose\AppData\Local\Avg

2014-10-29 10:41 - 2014-11-03 07:27 - 00002688 _____ () C:\Windows\setupact.log

2014-10-29 10:41 - 2014-10-29 10:41 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-26 02:08 - 2014-10-26 02:08 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\AVG2015

2014-10-26 02:06 - 2014-10-30 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-26 02:06 - 2014-10-26 02:06 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2015.lnk

2014-10-26 02:06 - 2014-10-26 02:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\TuneUp Software

2014-10-26 02:01 - 2014-10-26 02:17 - 00000000 ____D () C:\ProgramData\AVG2015

2014-10-26 02:01 - 2014-10-26 02:01 - 00000000 ____D () C:\$AVG

2014-10-26 02:00 - 2014-10-30 09:44 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-10-26 01:58 - 2014-11-03 13:22 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-26 01:58 - 2014-10-26 02:23 - 00000000 ____D () C:\Users\Jose\AppData\Local\Avg2015

2014-10-26 01:58 - 2014-10-26 01:58 - 00000000 ____D () C:\Users\Jose\AppData\Local\MFAData

2014-10-22 21:10 - 2014-10-16 09:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll

2014-10-22 21:10 - 2014-10-16 09:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll

2014-10-16 01:19 - 2014-10-16 01:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET

2014-10-15 15:11 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-15 15:11 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-15 15:11 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-15 15:11 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 15:11 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-15 15:11 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 15:11 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 15:11 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 15:11 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 15:11 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 15:11 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 15:11 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 15:11 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 15:11 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 15:11 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 15:11 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 15:11 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 15:11 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 15:11 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 15:11 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 15:11 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 15:11 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 15:11 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 15:11 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 15:11 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 15:11 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 15:11 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 15:11 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 15:11 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 15:11 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 15:11 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 15:11 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 15:11 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 15:11 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 15:11 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 15:11 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 15:11 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-15 15:11 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-15 15:11 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 15:11 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-15 15:11 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 15:11 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 15:11 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 15:11 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-15 15:11 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 15:11 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 15:11 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-15 15:11 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 15:11 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 15:11 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 15:11 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-15 15:11 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 15:11 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-15 15:11 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 15:11 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-15 15:11 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 15:11 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 15:11 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 15:11 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 15:11 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 15:11 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 15:10 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 15:10 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 15:10 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 15:10 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 15:10 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 15:10 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 15:10 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 15:10 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 15:10 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-15 15:10 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 15:10 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 15:10 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 15:10 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 15:10 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 15:10 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 15:10 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 15:10 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 15:10 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 15:10 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 15:10 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-10 14:14 - 2014-10-10 14:14 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys

2014-10-07 20:43 - 2014-10-07 20:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2014-10-05 20:41 - 2014-10-05 20:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 13:16 - 2012-08-22 10:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-03 13:16 - 2012-07-11 18:44 - 01432403 _____ () C:\Windows\WindowsUpdate.log

2014-11-03 08:16 - 2012-09-14 19:52 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Skype

2014-11-03 07:35 - 2009-07-13 21:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-03 07:35 - 2009-07-13 21:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-03 07:33 - 2009-07-13 22:13 - 00795818 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-03 07:28 - 2012-08-22 10:40 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-03 07:27 - 2010-11-20 20:47 - 00453878 _____ () C:\Windows\PFRO.log

2014-11-03 07:27 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-03 07:26 - 2012-08-22 15:05 - 00000008 _____ () C:\Users\Jose\Documents\lmscfg

2014-11-01 15:35 - 2013-12-02 11:09 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0

2014-11-01 15:31 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

2014-11-01 15:29 - 2009-07-13 19:34 - 66846720 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-11-01 15:29 - 2009-07-13 19:34 - 27000832 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-11-01 15:29 - 2009-07-13 19:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-11-01 15:29 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-11-01 15:29 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-11-01 06:17 - 2009-07-13 20:20 - 00000000 ___HD () C:\Users\Default

2014-11-01 01:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache

2014-10-31 17:26 - 2012-07-11 18:39 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-10-31 17:26 - 2012-07-11 18:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-10-31 17:25 - 2012-08-23 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-10-31 10:29 - 2014-04-23 19:56 - 00003002 _____ () C:\Windows\System32\Tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F}

2014-10-31 10:29 - 2014-04-23 17:14 - 00003002 _____ () C:\Windows\System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD}

2014-10-31 10:29 - 2012-10-31 08:51 - 00003048 _____ () C:\Windows\System32\Tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B}

2014-10-31 10:29 - 2012-10-31 08:50 - 00003048 _____ () C:\Windows\System32\Tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30}

2014-10-31 02:04 - 2012-07-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Google

2014-10-30 20:48 - 2012-08-22 10:29 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google

2014-10-30 12:45 - 2012-07-11 18:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-30 12:45 - 2012-07-11 18:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-30 12:10 - 2012-07-11 18:41 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-30 12:10 - 2012-07-11 18:41 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-30 10:15 - 2012-07-11 18:40 - 00000000 ____D () C:\Program Files (x86)\Windows Live

2014-10-30 10:12 - 2013-01-19 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

2014-10-30 04:25 - 2010-11-20 20:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-29 11:01 - 2012-07-11 18:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-10-28 17:15 - 2014-09-18 12:49 - 00000000 ____D () C:\Users\Jose\AppData\Local\Warframe

2014-10-18 03:39 - 2014-09-20 15:30 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-18 03:39 - 2012-09-14 19:52 - 00000000 ____D () C:\ProgramData\Skype

2014-10-16 16:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 07:11 - 2012-07-11 18:35 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2014-10-16 02:10 - 2009-07-13 21:45 - 00276960 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 02:08 - 2014-05-06 04:44 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 01:19 - 2013-08-05 11:14 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 01:17 - 2012-08-22 11:17 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-04 08:05 - 2014-09-01 13:46 - 00000000 ____D () C:\Users\Jose\Tales of Graces F

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 17:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014

Ran by Jose at 2014-11-03 13:28:17

Running from C:\Users\Jose\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )

Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )

Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version: - Dreampainters)

ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)

Arcania: Fall of Setarrif (HKLM-x32\...\Steam App 65610) (Version: - Spellbound Studios)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)

Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version: - Bohemia Interactive)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)

AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden

Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)

BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Carrier Command: Gaea Mission (HKLM-x32\...\Steam App 65740) (Version: - Bohemia Interactive)

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)

Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)

Defiance (HKLM-x32\...\Glyph Defiance) (Version: - Trion Worlds, Inc.)

DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)

Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)

Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.01.1214 - Lenovo)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)

Dungeon Siege III (HKLM-x32\...\Steam App 39160) (Version: - Obsidian Entertainment)

EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)

EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden

Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)

GameFly Download Manager (HKCU\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)

Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.0.2.3 - Genesys Logic)

Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Gothic (HKLM-x32\...\Steam App 65540) (Version: - Piranha – Bytes )

Gothic 3 (HKLM-x32\...\Steam App 39500) (Version: - Piranha – Bytes )

Gothic 3 Forsaken Gods Enhanced Edition (HKLM-x32\...\Steam App 65600) (Version: - Trine Studios)

Gothic II: Gold Edition (HKLM-x32\...\Steam App 39510) (Version: - Piranha – Bytes)

Grotesque Tactics 2 - Dungeons and Donuts (HKLM-x32\...\Steam App 46570) (Version: - )

Heretic: Shadow of the Serpent Riders (HKLM-x32\...\Steam App 2390) (Version: - Raven Software)

HeXen II (HKLM-x32\...\Steam App 9060) (Version: - Raven Software)

HeXen: Beyond Heretic (HKLM-x32\...\Steam App 2360) (Version: - Raven Software)

HeXen: Deathkings of the Dark Citadel (HKLM-x32\...\Steam App 2370) (Version: - Raven Software)

Holy Avatar vs. Maidens of the Dead (HKLM-x32\...\Steam App 261720) (Version: - Headup Games)

Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)

Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)

Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6008 - CyberLink Corp.)

Lenovo Power2Go (x32 Version: 6.0.6008 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)

Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.3609 - CyberLink Corp.)

Lenovo Rescue System (Version: 3.0.3609 - CyberLink Corp.) Hidden

Lenovo Screensaver (HKLM-x32\...\{803E6DED-5050-4E3D-B26A-5915397362CD}) (Version: 1.0.5.120109 - Lenovo)

Linksys Dual-Band Wireless-N USB Network Adapter (HKLM-x32\...\InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}) (Version: 1.0.0.1 - Linksys)

Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter (x32 Version: 1.0.0.1 - Linksys) Hidden

LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 1.01.0213 - Lenovo)

Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Max Payne (HKLM-x32\...\Steam App 12140) (Version: - Remedy Entertainment)

Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version: - Remedy Entertainment)

Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)

Memento Mori (HKLM-x32\...\Steam App 200490) (Version: - Bohemia Interactive)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)

Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)

Original War (HKLM-x32\...\Steam App 235320) (Version: - Altar Games)

Post Mortem (HKLM-x32\...\Steam App 46550) (Version: - Anuman / Microids)

Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.1226 - Lenovo)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)

resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)

Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version: - Capcom)

Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)

Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - )

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)

Sanctum (HKLM-x32\...\Steam App 91600) (Version: - )

Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - )

Serious Sam 3 Dedicated Server (HKLM-x32\...\Steam App 41080) (Version: - )

Serious Sam 3 Editor (HKLM-x32\...\Steam App 41090) (Version: - )

Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)

Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - )

Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version: - )

Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version: - Mommy's Best Games)

Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam)

Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)

Serious Sam HD: The Second Encounter Editor (HKLM-x32\...\Steam App 41040) (Version: - Croteam)

Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version: - )

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Space Siege (HKLM-x32\...\Space Siege) (Version: 1.0 - Sega)

Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)

Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)

Star Wolves (HKLM-x32\...\Steam App 46270) (Version: - X-Bow Software)

Star Wolves 2 (HKLM-x32\...\Steam App 46280) (Version: - X-Bow Software)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Still Life (HKLM-x32\...\Steam App 46480) (Version: - Anuman / Microids)

Still Life 2 (HKLM-x32\...\Steam App 46490) (Version: - Anuman / Microids)

Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version: - FireFly Studios)

Stronghold Crusader + Extreme (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)

Stronghold Crusader Extreme HD (HKLM-x32\...\Steam App 16700) (Version: - Firefly Studios)

Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version: - FireFly Studios)

Tactical Expansion Mod V1.1 (HKCU\...\Tactical Expansion Mod V1.1) (Version: - )

The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Softworks)

The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)

The Witcher 2 Enhanced Edition version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)

ThemeWallpaper (HKLM-x32\...\{F29CBF73-C211-4616-898A-379A2679F990}) (Version: 1.2.0.111103 - Lenovo)

Torchlight Editor (HKLM-x32\...\Steam App 41520) (Version: - Runic Games, Inc.)

Torchlight II GUTS (HKLM-x32\...\Steam App 223070) (Version: - )

Total War: Shogun 2 - Assembly Kit (HKLM-x32\...\Steam App 202930) (Version: - The Creative Assembly)

Total War: Shogun 2 - TEd (HKLM-x32\...\Steam App 202920) (Version: - The Creative Assembly)

Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)

Two Worlds II (HKLM-x32\...\Steam App 7520) (Version: - Reality Pump Studios)

Two Worlds II Castle Defense (HKLM-x32\...\Steam App 7530) (Version: - Reality Pump Studios)

Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version: - Reality Pump Studios)

Unreal Gold (HKLM-x32\...\Steam App 13250) (Version: - Epic Games)

Unreal II: The Awakening (HKLM-x32\...\Steam App 13200) (Version: - Epic Games)

Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version: - Epic Games)

Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version: - Epic Games)

Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games)

Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version: - Activision)

ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)

WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-11-2014 03:09:59 Removed AVG PC TuneUp 2015

01-11-2014 03:12:23 Removed AVG PC TuneUp 2015 (en-US)

03-11-2014 13:30:01 Windows Update

03-11-2014 14:13:05 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-01 15:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D2ECCC4-FDAF-4552-896C-F7DC6DAC3E73} - System32\Tasks\{BBB98D3E-E654-4063-B96D-30D6DAF165AD} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {1EB9A3E7-CF17-494A-A13E-B314EA4AD13C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {273F41A6-B894-4E4B-9365-94EC174E07E0} - System32\Tasks\{9C6FF335-8AB1-4917-8D2E-FA14F4E8CE30} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {2F08A5B7-298C-4DDA-9499-6E1A117F25F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {7EF6C1D6-F377-47BE-8ABC-31BF7ED21A14} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)

Task: {8EDD6E06-94A7-4B5F-84A1-BB3718476AD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {C23B5589-8F8A-4467-BA8A-FC3619647F7E} - System32\Tasks\{87950514-1953-4DB9-8FB9-363FA61FC18B} => C:\Program Files (x86)\Steam\steamapps\common\Vampire The Masquerade - Bloodlines\vampire.exe [2012-10-31] ()

Task: {C3654624-6276-495F-A244-86AA901A6FF1} - System32\Tasks\{27896DBF-2E9B-4455-A1B0-0F598765BF3F} => C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE [2013-12-14] (Piranha Bytes Software GmbH)

Task: {E46C56E8-C771-4435-9B33-D33B601A198F} - System32\Tasks\{52D0064F-2888-497D-9753-74566470F1C9} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: {E934E428-C332-4F90-B3AA-7660DE98DD9B} - System32\Tasks\{CF60E642-29CC-437B-93CE-952FFD445245} => C:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-11 18:35 - 2014-09-13 14:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-07-11 18:36 - 2011-12-15 21:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2012-07-11 18:38 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe

2013-01-06 10:32 - 2013-01-06 10:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-11 18:38 - 2011-05-25 05:09 - 00049152 _____ () C:\Windows\SysWOW64\UMonit.exe

2012-07-11 18:38 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe

2014-08-29 04:36 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2013-03-12 16:10 - 2014-10-01 16:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-21 14:49 - 2014-10-21 12:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 04:36 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2012-08-22 10:44 - 2014-10-21 12:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2009-12-04 15:59 - 2009-12-04 15:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll

2009-12-04 16:04 - 2009-12-04 16:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

2012-07-11 18:38 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

2012-08-22 10:44 - 2014-09-04 16:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-10-16 15:53 - 2014-10-16 15:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2012-07-11 18:36 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-07-11 18:36 - 2011-12-15 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2365872097-3908279325-1656206436-500 - Administrator - Disabled)

ASPNET (S-1-5-21-2365872097-3908279325-1656206436-1005 - Limited - Enabled)

Guest (S-1-5-21-2365872097-3908279325-1656206436-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2365872097-3908279325-1656206436-1002 - Limited - Enabled)

Jose (S-1-5-21-2365872097-3908279325-1656206436-1000 - Administrator - Enabled) => C:\Users\Jose

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/03/2014 07:29:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:20:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:12:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (11/03/2014 01:16:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 01:16:13 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:38:59 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:01:37 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 09:01:29 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 08:37:10 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: The LitModeCtrl service has reported an invalid current state 32.

Error: (11/03/2014 07:20:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 07:20:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:

=========================

Error: (11/03/2014 07:29:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:20:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 06:12:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:

===================================

Date: 2014-11-01 07:13:41.681

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-01 07:13:41.651

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz

Percentage of memory in use: 20%

Total physical RAM: 16346.91 MB

Available physical RAM: 12969.35 MB

Total Pagefile: 32691.99 MB

Available Pagefile: 29344.21 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1837.75 GB) (Free:1156.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E0F3F1F9)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1837.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

==================== End Of Log ============================


Hi :)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!


Hello, here are the reports as requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014

Ran by Jose at 2014-11-04 03:00:44 Run:1

Running from C:\Users\Jose\Desktop

Loaded Profile: Jose (Available profiles: Jose)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

EmptyTemp:

end

*****************

Processes closed successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-2365872097-3908279325-1656206436-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.

catchme => Service deleted successfully.

EagleX64 => Service deleted successfully.

C:\ProgramData => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS removed successfully.

"C:\Users\All Users" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.

"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.

EmptyTemp: => Removed 160.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 11/4/2014

Scan Time: 3:07:00 AM

Logfile: MWlog.txt

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.11.04.02

Rootkit Database: v2014.11.01.02

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Jose

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 341551

Time Elapsed: 10 min, 18 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

ESET gave me 2 different logs; the 1st is what was located in C:\Program Files (x86)\ESET\ESET Online Scanner.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

This is the ESET scan results log.

C:\Qoobox\Quarantine\Registry_backups\CLSID_{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}.reg.dat Win32/Poweliks.C Trojan


Looks OK.

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the SecurityCheck icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.

Here it is:

Results of screen317's Security Check version 0.99.89

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

AVG Internet Security 2015

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 65

Java version out of Date!

Adobe Flash Player 15.0.0.152

Adobe Reader XI

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

AVG avgwdsvc.exe

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Update your Java. It's absolutely crucial.

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.


Okay, here you go:

# DelFix v10.8 - Logfile created 07/11/2014 at 08:37:24

# Updated 29/07/2014 by Xplode

# Username : Jose - JOSE-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox

Deleted : C:\FRST

Deleted : C:\zoek_backup

Deleted : C:\AdwCleaner

Deleted : C:\Users\Jose\Desktop\FRST-OlderVersion

Deleted : C:\ComboFix.txt

Deleted : C:\zoek-results.log

Deleted : C:\Users\Jose\Desktop\Addition(2nd).txt

Deleted : C:\Users\Jose\Desktop\Addition(3rd).txt

Deleted : C:\Users\Jose\Desktop\Addition.txt

Deleted : C:\Users\Jose\Desktop\AdwCleaner.exe

Deleted : C:\Users\Jose\Desktop\AdwCleaner[s0].txt

Deleted : C:\Users\Jose\Desktop\ComboFix.exe

Deleted : C:\Users\Jose\Desktop\Fixlog.txt

Deleted : C:\Users\Jose\Desktop\FRST(2nd).txt

Deleted : C:\Users\Jose\Desktop\FRST(3rd).txt

Deleted : C:\Users\Jose\Desktop\FRST.txt

Deleted : C:\Users\Jose\Desktop\FRST64.exe

Deleted : C:\Users\Jose\Desktop\JRT.exe

Deleted : C:\Users\Jose\Desktop\JRT.txt

Deleted : C:\Users\Jose\Desktop\log.txt

Deleted : C:\Users\Jose\Desktop\SecurityCheck.exe

Deleted : C:\Users\Jose\Desktop\zoek-results.txt

Deleted : C:\Users\Jose\Desktop\zoek.exe

Deleted : C:\Windows\grep.exe

Deleted : C:\Windows\PEV.exe

Deleted : C:\Windows\NIRCMD.exe

Deleted : C:\Windows\MBR.exe

Deleted : C:\Windows\SED.exe

Deleted : C:\Windows\SWREG.exe

Deleted : C:\Windows\SWSC.exe

Deleted : C:\Windows\SWXCACLS.exe

Deleted : C:\Windows\Zip.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #423 [Windows Update | 11/06/2014 15:42:58]

Deleted : RP #424 [installed Java 7 Update 71 | 11/07/2014 15:34:10]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


No, I think that you are ready to go. Unless you see some more things that need our attention?

Below you will find my thoughts about securing your machine. Go ahead and read through it; you will benefit from some useful advice about safe computing.

 

Recommended reading:

MUST READ - security tips: Keep your computer safe online.

MUST READ - general maintenance: Slow computer/browser? Check here.

Recommended additional software:

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

Unchecky - to prevent installing additional foistware implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.

All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.


Stay safe,

Naat :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
