
Start up has very long black screen



From what I gathered in my own muddling around, I have a virus: dlee_device and dleeCATSCustConnectService. Malwarebytes Pro or Microsoft Security Essentials is not picking it up. If I am wrong on those files, my symptoms currently are, in comparison, a very long computer start-up time; a black screen before actually logging in is there for about 10 seconds. Any help is definitely appreciated.

 

Below is my FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Donovan (administrator) on DONOVANS-PC on 13-01-2015 21:25:54
Running from C:\Users\Donovan\Desktop
Loaded Profile: Donovan (Available profiles: Donovan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() D:\DIMMDRIVE\ddservice.exe
( ) C:\Windows\System32\dleecoms.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Valve Corporation) E:\Steam\Steam.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Secure By Design Inc.) C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\x64\S5wow_2005.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-11-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-11-29] (Atheros Commnucations)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [Ninite Updater] => C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe [305664 2014-12-13] (Secure By Design Inc.)
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\Run: [steam] => E:\Steam\steam.exe [1942208 2015-01-09] (Valve Corporation)
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\Run: [EADM] => F:\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1314618202-1260968748-905553310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donovan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1314618202-1260968748-905553310-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://sasktenders.ca/content/public/Search.aspx","hxxp://merx.com/", "hxxp://www.google.com", "hxxp://websearch.thesearchpage.info/?pid=1539&r=2015/01/10&hid=146443283595321162&lg=EN&cc=CA&unqvl=74"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (reddit) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbjdcdemclgpcafgdehfmmakkhnopen [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (MEGA) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Honey) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-01-11]
CHR Extension: (Google Cast) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR Extension: (Google Search) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-13]
CHR Extension: (Google Calendar) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (Plex) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2015-01-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-01-10]
CHR Extension: (Hola Better Internet) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-11]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-13]
CHR Extension: (IE Tab) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-01-11]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2015-01-11]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2015-01-11]
CHR Extension: (Block Misspelled Websites) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkeedolkcnamlgiodhcaielanmffhlil [2015-01-11]
CHR Extension: (DripBot Plus) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbccchmlnodccdacimdpmbbgodkdoih [2015-01-13]
CHR Extension: (Dropbox) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-01-11]
CHR Extension: (Transmogrify for Plex) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdogfefgaagaledbkgeffgbjlaaplpgo [2015-01-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-11]
CHR Extension: (Google Play) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-11]
CHR Extension: (Google Mail Checker) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-11]
CHR Extension: (PDF Cloud Tools) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk [2015-01-11]
CHR Extension: (OneDrive) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-01-11]
CHR Extension: (My Chrome Theme) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-01-11]
CHR Extension: (Enhanced Steam) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-01-21] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-04-15] (ASUSTeK Computer Inc.) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424 2013-04-19] (ASUSTeK Computer Inc.) [File not signed]
R2 Dimmdrive Helper; D:\DIMMDRIVE\ddservice.exe [23872 2014-10-13] ()
S2 dleeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [45224 2010-05-21] ()
R2 dlee_device; C:\Windows\system32\dleecoms.exe [1052328 2010-05-21] ( )
R2 dlee_device; C:\Windows\SysWOW64\dleecoms.exe [598696 2010-05-21] ( )
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; F:\origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-11-29] (Atheros)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 Dimmdrive; C:\Windows\System32\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R2 Dimmdrive; C:\Windows\SysWOW64\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 7E4355930B28C2798D9F09AB9F81151F
C:\Windows\System32\DRIVERS\nvlddmkm.sys ED4D88A04D22E6B00DB6BC8FACDBAFED
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 0C4A0D577A6EF1B9D353851668779944
C:\Windows\System32\drivers\nvvad64v.sys DBFE7B2DF103F74AE51840B3C5F25FE9
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys 91310683D7B6B292B746D60734B59322
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\drivers\TrueSight.sys FD44FA80DA03EA144153A76DEBBB61B4
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 21:25 - 2015-01-13 21:26 - 00041948 _____ () C:\Users\Donovan\Desktop\FRST.txt
2015-01-13 21:25 - 2015-01-13 21:25 - 02124288 _____ (Farbar) C:\Users\Donovan\Desktop\FRST64.exe
2015-01-13 21:25 - 2015-01-13 21:25 - 00000000 ____D () C:\FRST
2015-01-13 21:13 - 2015-01-13 21:13 - 00000000 ___RD () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-13 21:12 - 2015-01-13 21:12 - 00002429 _____ () C:\Users\Public\Desktop\Dimmdrive.lnk
2015-01-13 21:12 - 2015-01-13 21:12 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Dimmdrive
2015-01-13 21:12 - 2015-01-13 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dimmdrive
2015-01-13 21:12 - 2013-09-14 11:15 - 00056960 _____ (Dimmdrive) C:\Windows\system32\Drivers\dimmdrive.sys
2015-01-13 21:10 - 2015-01-13 21:10 - 06410240 _____ () C:\Users\Donovan\Downloads\dimmdrive.msi
2015-01-10 15:57 - 2015-01-10 15:57 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 15:51 - 2015-01-13 21:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 15:51 - 2015-01-13 20:56 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 15:51 - 2015-01-10 15:51 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-10 15:51 - 2015-01-10 15:51 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-10 15:51 - 2015-01-10 15:51 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 15:51 - 2015-01-10 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 15:39 - 2015-01-10 15:39 - 00024894 _____ () C:\ComboFix.txt
2015-01-10 15:14 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 15:14 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 15:14 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 15:11 - 2015-01-10 15:39 - 00000000 ____D () C:\Qoobox
2015-01-10 15:11 - 2015-01-10 15:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-10 15:11 - 2015-01-10 15:16 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 15:11 - 2015-01-10 15:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-10 15:10 - 2015-01-10 15:10 - 15340120 _____ () C:\Users\Donovan\Downloads\RogueKiller.exe
2015-01-10 15:10 - 2015-01-10 15:10 - 05609736 ____R (Swearware) C:\Users\Donovan\Downloads\ComboFix.exe
2015-01-10 14:48 - 2015-01-11 15:18 - 00000000 ____D () C:\AdwCleaner
2015-01-10 14:47 - 2015-01-10 14:47 - 02191360 _____ () C:\Users\Donovan\Downloads\AdwCleaner.exe
2015-01-10 14:35 - 2015-01-13 21:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 14:35 - 2015-01-10 14:35 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 14:35 - 2015-01-10 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 14:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 14:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 14:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 13:24 - 2015-01-10 13:24 - 00000000 ____D () C:\Program Files (x86)\Send to Kindle
2015-01-10 13:23 - 2015-01-10 14:44 - 00000000 ____D () C:\Program Files (x86)\PriceChoupp
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\ProgramData\cimbmbfpchngipjdimcaefhcemhaemdj
2015-01-10 13:21 - 2015-01-11 15:16 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\.minecraft
2015-01-10 13:21 - 2015-01-10 13:21 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\java
2015-01-10 13:19 - 2015-01-10 13:19 - 00000601 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-01-10 13:19 - 2015-01-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-10 11:38 - 2015-01-10 11:38 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Arrowhead
2015-01-09 21:06 - 2015-01-09 21:06 - 00007502 _____ () C:\Users\Donovan\Downloads\Median XL The Chest of Item Creation V4 - Ultimative Compatible.rar
2015-01-09 21:06 - 2013-12-12 13:19 - 00046812 _____ () C:\Users\Donovan\Downloads\_LOD_SharedStashSave.sss
2015-01-05 17:21 - 2015-01-05 17:21 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-04 15:55 - 2015-01-04 15:55 - 00002998 _____ () C:\Windows\System32\Tasks\{A2A3AC5F-8D53-4229-B2AC-E59632D51B00}
2015-01-04 15:46 - 2015-01-04 16:09 - 00000000 ____D () C:\Users\Donovan\Documents\Bully Scholarship Edition
2015-01-03 09:56 - 2015-01-03 09:59 - 00000000 ____D () C:\Users\Donovan\Desktop\Pokemon Insurgence 1.0.11
2015-01-02 21:08 - 2015-01-02 21:08 - 00000000 ____D () C:\Users\Donovan\Documents\WB Games
2015-01-01 20:25 - 2015-01-01 20:25 - 00000218 _____ () C:\Users\Donovan\AppData\Local\recently-used.xbel
2014-12-28 22:27 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-28 22:27 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-28 22:27 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-28 22:27 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-28 22:27 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-28 22:27 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-28 22:27 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-28 22:27 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-28 22:27 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-28 22:27 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-28 22:26 - 2014-11-21 05:35 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 09058816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-28 22:26 - 2014-11-21 05:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 22:26 - 2014-11-21 05:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 22:26 - 2014-11-21 05:32 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 22:26 - 2014-11-21 04:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 22:26 - 2014-11-21 04:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 22:26 - 2014-11-21 04:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-28 22:26 - 2014-11-21 04:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 22:26 - 2014-11-21 04:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 22:26 - 2014-11-21 04:23 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 22:26 - 2014-11-21 03:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 22:26 - 2014-11-21 02:55 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 22:26 - 2014-11-21 01:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 22:26 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-28 22:26 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-28 22:26 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-28 22:26 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-28 22:26 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-28 22:26 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-28 22:26 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-28 22:26 - 2014-10-29 20:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 22:26 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-28 22:26 - 2014-10-29 19:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 22:26 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-28 22:26 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-28 22:26 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-28 22:26 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-28 22:26 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-28 22:26 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-28 22:26 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-28 22:26 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-28 22:26 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-28 22:26 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-28 22:26 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-28 22:26 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-28 22:26 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-28 22:26 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-28 22:26 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-28 22:26 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-28 22:26 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-28 22:26 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-28 22:26 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-28 22:25 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-28 22:25 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-28 22:25 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-28 22:25 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-28 22:25 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-28 22:25 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-28 22:25 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-28 22:01 - 2014-12-28 22:01 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-12-28 22:01 - 2014-12-28 22:01 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-28 21:56 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-28 21:56 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-28 21:56 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-28 21:56 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-28 17:33 - 2014-12-28 17:33 - 00000000 ____D () C:\Users\Donovan\Documents\Larian Studios
2014-12-28 16:50 - 2014-12-28 16:50 - 00007605 _____ () C:\Users\Donovan\AppData\Local\Resmon.ResmonCfg
2014-12-28 16:24 - 2014-12-12 18:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-28 16:22 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-28 16:22 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-28 16:22 - 2014-10-09 11:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-28 16:22 - 2014-10-09 11:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-28 16:22 - 2014-10-09 01:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-28 15:56 - 2014-12-28 16:07 - 00000000 ____D () C:\Users\Donovan\Documents\Lords of the Fallen
2014-12-28 15:09 - 2014-12-28 15:09 - 00000000 ____D () C:\Users\Donovan\AppData\Local\TeamViewer
2014-12-20 23:42 - 2014-12-20 23:42 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\.mono
2014-12-20 20:33 - 2014-12-20 20:33 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Introversion
2014-12-19 19:47 - 2014-12-19 19:47 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Activision
2014-12-18 20:57 - 2014-12-18 20:57 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Bloons TD 5
2014-12-18 20:25 - 2014-12-18 20:25 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Injustice
2014-12-16 21:35 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-16 21:35 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-16 21:31 - 2014-12-18 16:57 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Origin
2014-12-16 21:31 - 2014-12-16 21:32 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Origin
2014-12-16 21:30 - 2015-01-13 21:23 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 21:30 - 2014-12-16 21:30 - 00000535 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-16 21:30 - 2014-12-16 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-15 19:53 - 2014-12-15 20:46 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\SpinTires
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 21:23 - 2014-09-27 17:21 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-13 21:20 - 2009-07-13 22:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 21:20 - 2009-07-13 22:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 21:19 - 2014-09-06 18:44 - 00000000 _____ () C:\Windows\Path.idx
2015-01-13 21:19 - 2009-07-13 23:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 21:16 - 2014-09-06 14:19 - 01260517 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 21:14 - 2014-09-06 18:23 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-01-13 21:13 - 2014-09-06 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-13 21:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 21:13 - 2009-07-13 22:51 - 00097698 _____ () C:\Windows\setupact.log
2015-01-13 18:54 - 2014-11-04 17:23 - 00004682 _____ () C:\ProgramData\dleescan.log
2015-01-13 18:54 - 2014-09-06 16:58 - 00061576 _____ () C:\Users\Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 18:53 - 2009-07-13 22:45 - 00267272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 17:19 - 2014-09-09 21:51 - 00000000 ____D () C:\Users\Donovan\AppData\Local\CrashDumps
2015-01-11 15:19 - 2014-11-08 13:47 - 00000000 ____D () C:\Fraps
2015-01-11 15:18 - 2010-11-20 21:47 - 00190914 _____ () C:\Windows\PFRO.log
2015-01-10 15:51 - 2014-12-13 14:41 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Deployment
2015-01-10 15:51 - 2014-09-06 16:25 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Google
2015-01-10 15:51 - 2014-09-06 16:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-10 15:49 - 2014-11-01 19:20 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Apps\2.0
2015-01-10 15:46 - 2014-09-06 16:23 - 00001443 _____ () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 15:38 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 15:08 - 2014-09-06 17:51 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Battle.net
2015-01-10 14:35 - 2014-09-06 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 00:31 - 2014-09-07 02:01 - 00000659 _____ () C:\Windows\MB.idx
2015-01-04 15:46 - 2014-09-07 02:17 - 00160531 _____ () C:\Windows\DirectX.log
2015-01-01 21:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-01 20:19 - 2014-09-07 15:09 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\deluge
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 22:31 - 2014-09-07 02:58 - 00074309 _____ () C:\Windows\IE11_main.log
2014-12-28 22:30 - 2014-09-07 02:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-28 22:28 - 2014-09-06 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-28 20:14 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-28 16:24 - 2014-11-04 17:53 - 00000000 ____D () C:\TEMP
2014-12-28 16:24 - 2014-09-06 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-19 20:42 - 2014-10-11 17:40 - 00000000 ____D () C:\Users\Donovan\Documents\New folder
2014-12-19 19:47 - 2014-09-06 17:32 - 00000000 ____D () C:\Users\Donovan\Documents\activision
2014-12-18 21:28 - 2014-10-12 09:05 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Skyrim
2014-12-15 21:15 - 2014-12-13 15:18 - 00001991 _____ () C:\Users\Donovan\Downloads\Xpadder.ini
 
Some content of TEMP:
====================
C:\Users\Donovan\AppData\Local\Temp\Quarantine.exe
C:\Users\Donovan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f25a706d-3623-11e4-a7a6-e670f33f9b50}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f25a706f-3623-11e4-a7a6-e670f33f9b50}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {f25a706d-3623-11e4-a7a6-e670f33f9b50}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {f25a706f-3623-11e4-a7a6-e670f33f9b50}
device                  ramdisk=[C:]\Recovery\f25a706f-3623-11e4-a7a6-e670f33f9b50\Winre.wim,{f25a7070-3623-11e4-a7a6-e670f33f9b50}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\f25a706f-3623-11e4-a7a6-e670f33f9b50\Winre.wim,{f25a7070-3623-11e4-a7a6-e670f33f9b50}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {f25a706d-3623-11e4-a7a6-e670f33f9b50}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f25a7070-3623-11e4-a7a6-e670f33f9b50}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\f25a706f-3623-11e4-a7a6-e670f33f9b50\boot.sdi
 
 
 
LastRegBack: 2015-01-04 14:30
 
==================== End Of Log ============================

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

The entries you state as being malicious are possibly related to Lexmark, do you have a Lexmark printer?

 

Next,

 

I see you ran Combofix, can you post the produced log. C:\Combofix.txt also this file C:\QooBox\ComboFix-quarantined-files.txt

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply....

 

Kevin....



Yes, I used ComboFix, forgetting that it shouldn't be used unless I know exactly what I'm doing...

Also, I don't own a Lexmark printer or have never had one connected, but have a Dell printer installed.

 

ComboFix 15-01-08.01 - Donovan 10/01/2015  15:35:59.3.4 - x64 MINIMAL

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.32705.30890 [GMT -6:00]

Running from: c:\users\Donovan\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2014-12-10 to 2015-01-10  )))))))))))))))))))))))))))))))

.

.

2015-01-10 21:38 . 2015-01-10 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-01-10 21:11 . 2015-01-10 21:18 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2015-01-10 21:11 . 2015-01-10 21:11 -------- d-----w- c:\programdata\RogueKiller

2015-01-10 20:48 . 2015-01-10 21:02 -------- d-----w- C:\AdwCleaner

2015-01-10 20:35 . 2015-01-10 21:22 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-10 20:35 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2015-01-10 20:35 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2015-01-10 20:35 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2015-01-10 19:30 . 2014-09-16 21:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CB91B31-9990-4B64-B4FB-228A06F03018}\gapaengine.dll

2015-01-10 19:30 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89CB1336-7950-4CD7-92DA-B031BDF2821A}\mpengine.dll

2015-01-10 19:24 . 2015-01-10 19:24 -------- d-----w- c:\program files (x86)\Send to Kindle

2015-01-10 19:23 . 2015-01-10 20:44 -------- d-----w- c:\program files (x86)\PriceChoupp

2015-01-10 19:23 . 2015-01-10 19:23 -------- d-----w- c:\programdata\cimbmbfpchngipjdimcaefhcemhaemdj

2015-01-10 19:21 . 2015-01-10 19:21 -------- d-----w- c:\users\Donovan\AppData\Roaming\java

2015-01-10 19:21 . 2015-01-10 19:21 -------- d-----w- c:\users\Donovan\AppData\Roaming\.minecraft

2015-01-10 17:38 . 2015-01-10 17:38 -------- d-----w- c:\users\Donovan\AppData\Roaming\Arrowhead

2015-01-10 00:44 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-12-29 04:27 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll

2014-12-29 04:27 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll

2014-12-29 04:27 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll

2014-12-29 04:27 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe

2014-12-29 04:27 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe

2014-12-29 04:27 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll

2014-12-29 04:27 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll

2014-12-29 04:27 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe

2014-12-29 04:27 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe

2014-12-29 04:27 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll

2014-12-29 04:25 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-12-29 04:25 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2014-12-29 04:25 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys

2014-12-29 04:25 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll

2014-12-29 04:25 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll

2014-12-29 04:25 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll

2014-12-29 04:25 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2014-12-29 04:01 . 2014-12-29 04:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-12-29 04:01 . 2014-12-29 04:01 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2014-12-29 04:01 . 2014-12-29 04:01 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2014-12-29 04:01 . 2014-12-29 04:01 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2014-12-29 04:01 . 2014-12-29 04:01 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2014-12-29 04:01 . 2014-12-29 04:01 -------- d-----w- c:\program files (x86)\OpenAL

2014-12-29 03:56 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll

2014-12-29 03:56 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll

2014-12-29 03:56 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll

2014-12-29 03:56 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll

2014-12-29 03:56 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe

2014-12-29 03:56 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll

2014-12-29 03:56 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll

2014-12-29 03:56 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll

2014-12-29 03:56 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll

2014-12-29 03:56 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe

2014-12-28 22:24 . 2014-12-13 00:47 620176 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-12-28 21:09 . 2014-12-28 21:09 -------- d-----w- c:\users\Donovan\AppData\Local\TeamViewer

2014-12-21 05:42 . 2014-12-21 05:42 -------- d-----w- c:\users\Donovan\AppData\Roaming\.mono

2014-12-21 02:33 . 2014-12-21 02:33 -------- d-----w- c:\users\Donovan\AppData\Local\Introversion

2014-12-20 01:47 . 2014-12-20 01:47 -------- d-----w- c:\users\Donovan\AppData\Local\Activision

2014-12-19 02:57 . 2014-12-19 02:57 -------- d-----w- c:\users\Donovan\AppData\Local\Bloons TD 5

2014-12-19 02:25 . 2014-12-19 02:25 -------- d-----w- c:\users\Donovan\AppData\Roaming\Injustice

2014-12-17 03:35 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-12-17 03:35 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-12-17 03:31 . 2014-12-18 22:57 -------- d-----w- c:\users\Donovan\AppData\Roaming\Origin

2014-12-17 03:31 . 2014-12-17 03:32 -------- d-----w- c:\users\Donovan\AppData\Local\Origin

2014-12-17 03:30 . 2015-01-10 21:22 -------- d-----w- c:\programdata\Origin

2014-12-16 01:53 . 2014-12-16 02:46 -------- d-----w- c:\users\Donovan\AppData\Roaming\SpinTires

2014-12-13 20:41 . 2015-01-06 23:54 -------- d-----w- c:\users\Donovan\AppData\Local\Deployment

2014-12-13 19:17 . 2014-12-13 19:17 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-12-13 19:17 . 2014-12-13 19:17 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-12-13 19:17 . 2014-12-13 19:17 -------- d-----w- c:\program files (x86)\Java

2014-12-13 19:17 . 2014-12-13 19:17 -------- d-----w- c:\users\Donovan\AppData\Roaming\Foxit Software

2014-12-13 19:17 . 2014-12-13 19:17 -------- d-----w- c:\users\Public\Foxit Software

2014-12-13 19:16 . 2014-12-13 19:16 -------- d-----w- c:\program files (x86)\Ninite Updater

2014-12-13 19:16 . 2014-12-13 19:16 -------- d-----w- c:\program files (x86)\Foxit Software

2014-12-13 19:08 . 2014-12-13 19:25 -------- d-----w- c:\users\Donovan\AppData\Local\GOG.com

2014-12-13 19:07 . 2014-12-13 19:07 -------- d-----w- c:\program files\CPUID

2014-12-12 02:32 . 2014-11-13 00:20 1876296 ----a-w- c:\windows\system32\nvdispco6434475.dll

2014-12-12 02:32 . 2014-11-13 00:20 1540424 ----a-w- c:\windows\system32\nvdispgenco6434475.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-10 21:23 . 2014-09-07 00:23 1048576 ----a-w- c:\windows\PE_Rom.dll

2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe

2014-12-29 04:28 . 2014-11-02 01:56 1113664 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll

2014-12-13 10:08 . 2014-11-08 19:32 2897824 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-12-13 10:08 . 2014-09-06 23:29 18594432 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-12-13 10:08 . 2014-09-06 23:12 74056 ----a-w- c:\windows\system32\OpenCL.dll

2014-12-13 10:08 . 2014-09-06 23:12 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll

2014-12-13 10:08 . 2014-09-06 23:11 3293136 ----a-w- c:\windows\system32\nvapi64.dll

2014-12-13 10:08 . 2014-09-06 23:11 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-12-13 08:03 . 2014-09-06 23:12 6859408 ----a-w- c:\windows\system32\nvcpl.dll

2014-12-13 08:03 . 2014-09-06 23:12 3513488 ----a-w- c:\windows\system32\nvsvc64.dll

2014-12-13 08:03 . 2014-09-06 23:12 935240 ----a-w- c:\windows\system32\nvvsvc.exe

2014-12-13 08:03 . 2014-09-06 23:12 62608 ----a-w- c:\windows\system32\nvshext.dll

2014-12-13 08:03 . 2014-09-06 23:12 386368 ----a-w- c:\windows\system32\nvmctray.dll

2014-12-13 08:03 . 2014-09-06 23:12 2558608 ----a-w- c:\windows\system32\nvsvcr.dll

2014-12-13 00:12 . 2014-09-06 23:21 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-12-13 00:12 . 2014-09-06 23:21 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll

2014-12-13 00:12 . 2014-09-06 23:21 2824504 ----a-w- c:\windows\system32\nvspcap64.dll

2014-12-13 00:12 . 2014-09-06 23:21 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll

2014-12-12 23:11 . 2014-09-06 23:12 4151176 ----a-w- c:\windows\system32\nvcoproc.bin

2014-12-06 19:59 . 2014-09-06 23:40 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2014-11-27 22:40 . 2014-09-07 08:50 112710672 ----a-w- c:\windows\system32\MRT.exe

2014-11-22 10:46 . 2014-09-06 23:21 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-11-08 22:34 . 2014-11-08 19:42 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2014-11-08 22:34 . 2014-11-08 19:37 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-11-08 19:43 . 2014-11-08 19:37 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2014-11-08 19:37 . 2014-11-08 19:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-11-04 00:04 . 2014-11-11 03:09 1876296 ----a-w- c:\windows\system32\nvdispco6434465.dll

2014-11-04 00:04 . 2014-11-11 03:09 1539272 ----a-w- c:\windows\system32\nvdispgenco6434465.dll

2014-10-30 04:53 . 2014-11-08 19:32 1876296 ----a-w- c:\windows\system32\nvdispco6434460.dll

2014-10-30 04:53 . 2014-11-08 19:32 1539272 ----a-w- c:\windows\system32\nvdispgenco6434460.dll

2014-10-23 00:14 . 2014-10-23 00:14 4260336 ----a-w- c:\windows\PE_File.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="e:\steam\steam.exe" [2015-01-10 1942208]

"EADM"="f:\origin\Origin.exe" [2014-12-18 3618648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-03-06 291128]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2013-01-28 550272]

"ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\WiFileTransfer.exe" [2014-01-22 1392952]

"Dell V715w"="c:\program files (x86)\Dell V715w\fm3032.exe" [2011-01-24 316072]

"Ninite Updater"="c:\program files (x86)\Ninite Updater\NiniteUpdater.exe" [2014-12-13 305664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]

R2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]

R2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [x]

R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe;c:\windows\SYSNATIVE\dleecoms.exe [x]

R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleeserv.exe [x]

R2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]

R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

R3 Origin Client Service;Origin Client Service;f:\origin\OriginClientService.exe;f:\origin\OriginClientService.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]

S3 ASMTFilter;ASMTFilter;SysWow64\drivers\asmtufdriver.sys;SysWow64\drivers\asmtufdriver.sys [x]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-12 02:49 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-06 22:25]

.

2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-06 22:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-05 7156296]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-05 1278024]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-11-29 1023104]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-11-29 801920]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

"dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2011-01-24 770728]

"EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2011-01-24 139944]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-01-10  15:39:14

ComboFix-quarantined-files.txt  2015-01-10 21:39

ComboFix2.txt  2015-01-10 21:31

ComboFix3.txt  2015-01-10 21:17

.

Pre-Run: 74,949,783,552 bytes free

Post-Run: 74,591,199,232 bytes free

.

- - End Of File - - 19B4EDA7D60827CB240191E9131E03E8

A36C5E4F47E84449FF07ED3517B43A31

 


2015-01-10 21:17:10 . 2015-01-10 21:17:10              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr

2015-01-10 21:16:38 . 2015-01-10 21:16:38               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Nvtmru.reg.dat

2015-01-10 21:16:32 . 2015-01-10 21:16:32              153 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Battle.net.reg.dat

2015-01-10 21:16:21 . 2007-11-07 14:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\F\install.exe.vir

2015-01-10 21:16:21 . 2007-11-07 14:44:20          855,040 ----a-w-  C:\Qoobox\Quarantine\D\install.exe.vir

2015-01-10 21:15:42 . 2015-01-10 21:37:30            8,948 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2015-01-10 21:14:01 . 2015-01-10 21:35:34              204 ----a-w-  C:\Qoobox\Quarantine\catchme.log

2014-09-07 00:39:24 . 2014-09-07 00:39:24              148 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\local.txt.vir

 



 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 14/01/2015

Scan Time: 8:05:06 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.15.02

Rootkit Database: v2015.01.14.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Donovan

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 385126

Time Elapsed: 5 min, 1 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Ultimate x64

Ran by Donovan on 14/01/2015 at 20:12:29.77

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Chrome

 

Failed to delete: [Folder] C:\Users\Donovan\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/01/2015 at 20:15:05.22

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Sun Sep 07 02:50:38 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 07 02:51:05 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Fri Sep 12 22:46:07 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 22:47:19 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Thu Oct 30 05:33:42 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 30 05:35:01 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sun Dec 28 22:28:57 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 28 22:30:25 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Wed Jan 14 20:19:06 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 


 


You mention the following service (dleeCATSCustConnectService) in your opening reply and indicate you believe it may be malicious:

S2 dleeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [45224 2010-05-21] ()


The following link suggests the above quote is related to Lexmark and therefore possibly legitimate:

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=dleeserv.exe

You also mention (dlee_device); again, this is a printer service related to Dell...

R2 dlee_device; C:\Windows\system32\dleecoms.exe [1052328 2010-05-21] ( )
R2 dlee_device; C:\Windows\SysWOW64\dleecoms.exe [598696 2010-05-21] ( )

 

The following link confirms a Dell service and therefore possibly legitimate:

http://www.systemlookup.com/search.php?type=filename&search=dleecoms.exe&s=

Next,

Continue please as follows:

Run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours; please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings and ensure the following options are checked:
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Close program

Copy and paste the report in next reply.

 

Next,

 

Open FRST and make sure all boxes are checkmarked under "Whitelist"; also make sure only Addition.txt is checkmarked under "Optional scan".

 

Select "scan" and post the two produced logs...

 

Thanks,

 

Kevin...


That's good to hear that they are legitimate, but looking deeper, the systemlookup site spells the dlee_device as dlea_device. Regardless, it wasn't flagged by ESET or anything else, so here are the scans.

 

Eset scans

 

C:\Users\All Users\cimbmbfpchngipjdimcaefhcemhaemdj\content.js JS/Chromex.Agent.L trojan
C:\Users\All Users\cimbmbfpchngipjdimcaefhcemhaemdj\dzcc9S6V.js JS/Kryptik.ATB trojan
C:\Users\All Users\cimbmbfpchngipjdimcaefhcemhaemdj\lsdb.js JS/Kryptik.ATB trojan
C:\ProgramData\cimbmbfpchngipjdimcaefhcemhaemdj\content.js JS/Chromex.Agent.L trojan cleaned by deleting - quarantined
C:\ProgramData\cimbmbfpchngipjdimcaefhcemhaemdj\dzcc9S6V.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\ProgramData\cimbmbfpchngipjdimcaefhcemhaemdj\lsdb.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Donovan (administrator) on DONOVANS-PC on 16-01-2015 20:25:34
Running from C:\Users\Donovan\Desktop\Cleaners
Loaded Profiles: Donovan (Available profiles: Donovan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() D:\DIMMDRIVE\ddservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Secure By Design Inc.) C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\x64\S5wow_2005.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-11-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-11-29] (Atheros Commnucations)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [Ninite Updater] => C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe [305664 2014-12-13] (Secure By Design Inc.)
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\Run: [steam] => E:\Steam\steam.exe [1942720 2015-01-15] (Valve Corporation)
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\Run: [EADM] => F:\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1314618202-1260968748-905553310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1314618202-1260968748-905553310-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donovan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1314618202-1260968748-905553310-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://sasktenders.ca/content/public/Search.aspx","hxxp://merx.com/", "hxxp://www.google.com", "hxxp://websearch.thesearchpage.info/?pid=1539&r=2015/01/10&hid=146443283595321162&lg=EN&cc=CA&unqvl=74"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GGBlocker) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabmoedabiliejlieonfephdoncnailk [2015-01-16]
CHR Extension: (Google Slides) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (reddit) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbjdcdemclgpcafgdehfmmakkhnopen [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (MEGA) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Honey) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-01-11]
CHR Extension: (Google Cast) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-11]
CHR Extension: (Adblock Plus) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-13]
CHR Extension: (Google Calendar) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (Plex) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2015-01-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-01-10]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-01-13]
CHR Extension: (IE Tab) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-01-11]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2015-01-11]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2015-01-11]
CHR Extension: (Block Misspelled Websites) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkeedolkcnamlgiodhcaielanmffhlil [2015-01-11]
CHR Extension: (DripBot Plus) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbccchmlnodccdacimdpmbbgodkdoih [2015-01-13]
CHR Extension: (Dropbox) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-01-11]
CHR Extension: (Transmogrify for Plex) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdogfefgaagaledbkgeffgbjlaaplpgo [2015-01-11]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-11]
CHR Extension: (Google Play) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-01-11]
CHR Extension: (Google Mail Checker) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-11]
CHR Extension: (PDF Cloud Tools) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk [2015-01-11]
CHR Extension: (OneDrive) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-01-11]
CHR Extension: (My Chrome Theme) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-01-11]
CHR Extension: (Enhanced Steam) - C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-01-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-01-21] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-04-15] (ASUSTeK Computer Inc.) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424 2013-04-19] (ASUSTeK Computer Inc.) [File not signed]
R2 Dimmdrive Helper; D:\DIMMDRIVE\ddservice.exe [23872 2014-10-13] ()
S4 dleeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [45224 2010-05-21] ()
S4 dlee_device; C:\Windows\system32\dleecoms.exe [1052328 2010-05-21] ( )
S4 dlee_device; C:\Windows\SysWOW64\dleecoms.exe [598696 2010-05-21] ( )
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
S3 Origin Client Service; F:\origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-08] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-11-29] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 Dimmdrive; C:\Windows\System32\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R2 Dimmdrive; C:\Windows\SysWOW64\drivers\dimmdrive.sys [56960 2013-09-14] (Dimmdrive)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 20:25 - 2015-01-16 20:25 - 00000613 _____ () C:\Users\Donovan\Desktop\ESET SCAN.txt
2015-01-16 20:05 - 2015-01-16 20:05 - 00119809 _____ () C:\Users\Donovan\Downloads\Full-Window-master.zip
2015-01-16 20:04 - 2015-01-16 20:04 - 00670847 _____ () C:\Users\Donovan\Downloads\fullscreenizer.zip
2015-01-16 20:04 - 2015-01-16 20:04 - 00509284 _____ (Codeusa Software ) C:\Users\Donovan\Downloads\BorderlessGaming_7.8__admin_setup.exe
2015-01-16 19:35 - 2015-01-16 19:35 - 02347384 _____ (ESET) C:\Users\Donovan\Downloads\esetsmartinstaller_enu.exe
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-14 23:17 - 2015-01-14 23:18 - 26728448 _____ () C:\Users\Donovan\Downloads\PhysX-9.12.1031-SystemSoftware.msi
2015-01-14 23:17 - 2015-01-14 23:17 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2015-01-14 23:17 - 2015-01-14 23:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-14 23:07 - 2015-01-14 23:09 - 41168152 _____ (NVIDIA Corporation) C:\Users\Donovan\Downloads\PhysX_9.09.0428_SystemSoftware.exe
2015-01-14 22:56 - 2015-01-14 22:56 - 00000000 ____D () C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2015-01-14 22:56 - 2015-01-14 22:56 - 00000000 ____D () C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP
2015-01-14 22:52 - 2015-01-14 22:49 - 01353251 _____ (CheatHappens) C:\Users\Donovan\Desktop\ol2-snomanzy.exe
2015-01-14 22:50 - 2015-01-14 22:52 - 00000000 ____D () C:\Users\Donovan\Desktop\Pokemon Insurgence 1.0.12
2015-01-14 22:50 - 2015-01-14 22:50 - 00900361 _____ () C:\Users\Donovan\Downloads\ol2-snomanzy-2bc05586155ed58.rar
2015-01-14 22:17 - 2015-01-14 22:17 - 00000000 ____D () C:\Users\Donovan\Documents\TecmoKoei
2015-01-14 20:27 - 2015-01-14 20:29 - 00000000 ____D () C:\Users\Donovan\Desktop\Renaming
2015-01-14 20:15 - 2015-01-14 20:15 - 00000778 _____ () C:\Users\Donovan\Desktop\JRT.txt
2015-01-14 20:12 - 2015-01-14 20:12 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 20:09 - 2015-01-14 20:09 - 00000000 ____D () C:\Users\Donovan\Desktop\Monitors
2015-01-14 20:06 - 2015-01-16 20:25 - 00000000 ____D () C:\Users\Donovan\Desktop\Cleaners
2015-01-14 18:30 - 2015-01-14 18:30 - 00000000 ___RD () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-13 22:04 - 2015-01-13 22:04 - 00001169 _____ () C:\Users\Donovan\Desktop\Game.exe - Shortcut.lnk
2015-01-13 21:26 - 2015-01-13 21:26 - 00042047 _____ () C:\Users\Donovan\Desktop\Addition.txt
2015-01-13 21:25 - 2015-01-16 20:25 - 00000000 ____D () C:\FRST
2015-01-13 21:25 - 2015-01-13 21:26 - 00074996 _____ () C:\Users\Donovan\Desktop\FRST.txt
2015-01-13 21:12 - 2015-01-13 21:12 - 00002429 _____ () C:\Users\Public\Desktop\Dimmdrive.lnk
2015-01-13 21:12 - 2015-01-13 21:12 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Dimmdrive
2015-01-13 21:12 - 2015-01-13 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dimmdrive
2015-01-13 21:12 - 2013-09-14 11:15 - 00056960 _____ (Dimmdrive) C:\Windows\system32\Drivers\dimmdrive.sys
2015-01-10 15:57 - 2015-01-10 15:57 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 15:51 - 2015-01-16 19:56 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 15:51 - 2015-01-16 19:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 15:51 - 2015-01-10 15:51 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-10 15:51 - 2015-01-10 15:51 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-10 15:51 - 2015-01-10 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 15:39 - 2015-01-10 15:39 - 00024894 _____ () C:\ComboFix.txt
2015-01-10 15:14 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 15:14 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 15:14 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 15:14 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 15:11 - 2015-01-10 15:39 - 00000000 ____D () C:\Qoobox
2015-01-10 15:11 - 2015-01-10 15:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-10 15:11 - 2015-01-10 15:16 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 15:11 - 2015-01-10 15:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-10 14:48 - 2015-01-14 20:11 - 00000000 ____D () C:\AdwCleaner
2015-01-10 14:35 - 2015-01-16 19:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 14:35 - 2015-01-10 14:35 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 14:35 - 2015-01-10 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 14:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 14:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 14:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 13:24 - 2015-01-10 13:24 - 00000000 ____D () C:\Program Files (x86)\Send to Kindle
2015-01-10 13:23 - 2015-01-16 20:24 - 00000000 ____D () C:\ProgramData\cimbmbfpchngipjdimcaefhcemhaemdj
2015-01-10 13:23 - 2015-01-10 14:44 - 00000000 ____D () C:\Program Files (x86)\PriceChoupp
2015-01-10 13:21 - 2015-01-11 15:16 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\.minecraft
2015-01-10 13:21 - 2015-01-10 13:21 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\java
2015-01-10 13:19 - 2015-01-10 13:19 - 00000601 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-01-10 13:19 - 2015-01-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-10 11:38 - 2015-01-10 11:38 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Arrowhead
2015-01-09 21:06 - 2015-01-09 21:06 - 00007502 _____ () C:\Users\Donovan\Downloads\Median XL The Chest of Item Creation V4 - Ultimative Compatible.rar
2015-01-09 21:06 - 2013-12-12 13:19 - 00046812 _____ () C:\Users\Donovan\Downloads\_LOD_SharedStashSave.sss
2015-01-05 17:21 - 2015-01-05 17:21 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-04 15:55 - 2015-01-04 15:55 - 00002998 _____ () C:\Windows\System32\Tasks\{A2A3AC5F-8D53-4229-B2AC-E59632D51B00}
2015-01-04 15:46 - 2015-01-04 16:09 - 00000000 ____D () C:\Users\Donovan\Documents\Bully Scholarship Edition
2015-01-02 21:08 - 2015-01-02 21:08 - 00000000 ____D () C:\Users\Donovan\Documents\WB Games
2015-01-01 20:25 - 2015-01-01 20:25 - 00000218 _____ () C:\Users\Donovan\AppData\Local\recently-used.xbel
2014-12-28 22:27 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-28 22:27 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-28 22:27 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-28 22:27 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-28 22:27 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-28 22:27 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-28 22:27 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-28 22:27 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-28 22:27 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-28 22:27 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-28 22:26 - 2014-11-21 05:35 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 09058816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-28 22:26 - 2014-11-21 05:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-28 22:26 - 2014-11-21 05:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-28 22:26 - 2014-11-21 05:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-28 22:26 - 2014-11-21 05:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-28 22:26 - 2014-11-21 05:32 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-28 22:26 - 2014-11-21 04:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-28 22:26 - 2014-11-21 04:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-28 22:26 - 2014-11-21 04:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-28 22:26 - 2014-11-21 04:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-28 22:26 - 2014-11-21 04:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-28 22:26 - 2014-11-21 04:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-28 22:26 - 2014-11-21 04:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-28 22:26 - 2014-11-21 04:23 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-28 22:26 - 2014-11-21 03:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-28 22:26 - 2014-11-21 02:55 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-28 22:26 - 2014-11-21 01:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-28 22:26 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-28 22:26 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-28 22:26 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-28 22:26 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-28 22:26 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-28 22:26 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-28 22:26 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-28 22:26 - 2014-10-29 20:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-28 22:26 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-28 22:26 - 2014-10-29 19:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-28 22:26 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-28 22:26 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-28 22:26 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-28 22:26 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-28 22:26 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-28 22:26 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-28 22:26 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-28 22:26 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-28 22:26 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-28 22:26 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-28 22:26 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-28 22:26 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-28 22:26 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-28 22:26 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-28 22:26 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-28 22:26 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-28 22:26 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-28 22:26 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-28 22:26 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-28 22:26 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-28 22:26 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-28 22:26 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-28 22:26 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-28 22:25 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-28 22:25 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-28 22:25 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-28 22:25 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-28 22:25 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-28 22:25 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-28 22:25 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-28 22:01 - 2014-12-28 22:01 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-12-28 22:01 - 2014-12-28 22:01 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-12-28 21:56 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-28 21:56 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-28 21:56 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-28 21:56 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-28 21:56 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-28 21:56 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-28 17:33 - 2014-12-28 17:33 - 00000000 ____D () C:\Users\Donovan\Documents\Larian Studios
2014-12-28 16:50 - 2014-12-28 16:50 - 00007605 _____ () C:\Users\Donovan\AppData\Local\Resmon.ResmonCfg
2014-12-28 16:24 - 2014-12-12 18:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-28 16:22 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-28 16:22 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-28 16:22 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-28 16:22 - 2014-10-09 11:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-28 16:22 - 2014-10-09 11:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-28 16:22 - 2014-10-09 01:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-28 15:56 - 2014-12-28 16:07 - 00000000 ____D () C:\Users\Donovan\Documents\Lords of the Fallen
2014-12-28 15:09 - 2014-12-28 15:09 - 00000000 ____D () C:\Users\Donovan\AppData\Local\TeamViewer
2014-12-20 23:42 - 2014-12-20 23:42 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\.mono
2014-12-20 20:33 - 2014-12-20 20:33 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Introversion
2014-12-19 19:47 - 2014-12-19 19:47 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Activision
2014-12-18 20:57 - 2014-12-18 20:57 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Bloons TD 5
2014-12-18 20:25 - 2014-12-18 20:25 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Injustice
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 19:41 - 2014-09-06 14:19 - 01396086 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 19:30 - 2009-07-13 22:51 - 00098361 _____ () C:\Windows\setupact.log
2015-01-15 00:52 - 2014-09-06 18:44 - 00000000 _____ () C:\Windows\Path.idx
2015-01-14 23:43 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 23:17 - 2014-09-06 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-14 23:03 - 2014-09-09 21:51 - 00000000 ____D () C:\Users\Donovan\AppData\Local\CrashDumps
2015-01-14 22:56 - 2014-09-07 02:17 - 00178120 _____ () C:\Windows\DirectX.log
2015-01-14 22:56 - 2014-09-06 17:31 - 00000000 ____D () C:\Users\Donovan\Documents\my games
2015-01-14 21:57 - 2014-12-16 21:30 - 00000000 ____D () C:\ProgramData\Origin
2015-01-14 18:37 - 2009-07-13 22:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:37 - 2009-07-13 22:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:36 - 2009-07-13 23:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 18:31 - 2014-09-06 18:23 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-01-14 18:30 - 2014-09-06 17:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 18:30 - 2014-09-06 16:58 - 00061576 _____ () C:\Users\Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 18:30 - 2010-11-20 21:47 - 00191706 _____ () C:\Windows\PFRO.log
2015-01-14 18:30 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 18:30 - 2009-07-13 22:45 - 00275056 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-13 21:23 - 2014-09-27 17:21 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-13 18:54 - 2014-11-04 17:23 - 00004682 _____ () C:\ProgramData\dleescan.log
2015-01-11 15:19 - 2014-11-08 13:47 - 00000000 ____D () C:\Fraps
2015-01-10 15:51 - 2014-12-13 14:41 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Deployment
2015-01-10 15:51 - 2014-09-06 16:25 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Google
2015-01-10 15:51 - 2014-09-06 16:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-10 15:49 - 2014-11-01 19:20 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Apps\2.0
2015-01-10 15:46 - 2014-09-06 16:23 - 00001443 _____ () C:\Users\Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 15:38 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-10 15:08 - 2014-09-06 17:51 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Battle.net
2015-01-10 14:35 - 2014-09-06 17:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 01:35 - 2014-09-06 17:21 - 02210224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-07 01:35 - 2014-09-06 17:21 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-07 01:34 - 2014-09-06 17:21 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-07 01:34 - 2014-09-06 17:21 - 01715408 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-05 00:31 - 2014-09-07 02:01 - 00000659 _____ () C:\Windows\MB.idx
2015-01-01 21:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-01 20:19 - 2014-09-07 15:09 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\deluge
2014-12-31 13:12 - 2014-09-07 02:50 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 22:31 - 2014-09-07 02:58 - 00074309 _____ () C:\Windows\IE11_main.log
2014-12-28 22:30 - 2014-09-07 02:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-28 22:28 - 2014-09-06 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-28 16:24 - 2014-11-04 17:53 - 00000000 ____D () C:\TEMP
2014-12-19 20:42 - 2014-10-11 17:40 - 00000000 ____D () C:\Users\Donovan\Documents\New folder
2014-12-19 19:47 - 2014-09-06 17:32 - 00000000 ____D () C:\Users\Donovan\Documents\activision
2014-12-18 21:28 - 2014-10-12 09:05 - 00000000 ____D () C:\Users\Donovan\AppData\Local\Skyrim
2014-12-18 16:57 - 2014-12-16 21:31 - 00000000 ____D () C:\Users\Donovan\AppData\Roaming\Origin
 
==================== Files in the root of some directories =======
2015-01-01 20:25 - 2015-01-01 20:25 - 0000218 _____ () C:\Users\Donovan\AppData\Local\recently-used.xbel
2014-12-28 16:50 - 2014-12-28 16:50 - 0007605 _____ () C:\Users\Donovan\AppData\Local\Resmon.ResmonCfg
2014-11-04 17:53 - 2014-11-04 17:53 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-11-04 17:53 - 2014-11-04 17:53 - 0000286 _____ () C:\ProgramData\Coinstaller.log
2014-11-04 17:25 - 2014-11-04 17:57 - 0003198 _____ () C:\ProgramData\dleeJSW.log
2014-11-04 17:23 - 2015-01-13 18:54 - 0004682 _____ () C:\ProgramData\dleescan.log
2014-11-04 17:55 - 2014-11-04 17:55 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-11-04 17:53 - 2014-11-04 17:53 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-11-04 17:53 - 2014-11-04 17:53 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\Donovan\AppData\Local\Temp\CH.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 18:48
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01

Ran by Donovan at 2015-01-16 20:25:55

Running from C:\Users\Donovan\Desktop\Cleaners

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)

AI Suite III (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.39 - ASUSTeK Computer Inc.)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)

Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden

Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

Bloons TD5 (HKLM-x32\...\Steam App 306020) (Version:  - Ninja Kiwi)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)

Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version:  - Rockstar New England)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

Dell V715w (HKLM\...\Dell V715w) (Version:  - Dell, Inc.)

Dimmdrive (HKLM-x32\...\{D627B8AA-93C6-4300-8B24-A1B0C6A00003}) (Version: 2.0.9 - Dimmdrive)

DYNASTY WARRIORS 8: Xtreme Legends Complete Edition (HKLM-x32\...\Steam App 278080) (Version:  - KOEI TECMO GAMES CO., LTD.)

Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)

Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)

ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )

FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)

FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Gauntlet™  (HKLM-x32\...\Steam App 258970) (Version:  - Arrowhead Game Studios)

GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version:  - Xaviant)

LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden

Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)

Lords Of The Fallen (HKLM-x32\...\Steam App 265300) (Version:  - CI Games)

Mac Blu-ray Player (HKLM-x32\...\Mac Blu-ray Player) (Version: 2.10.10.1757 - Macgo Inc.)

Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3 (HKLM-x32\...\{1ef771b4-b774-439e-a015-23dec292d9a4}) (Version: 12.0.30723.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)

Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)

MyHarmony (HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)

Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)

Ninite Updater (HKLM-x32\...\NiniteUpdater) (Version:  - )

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team)

NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)

One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

Overlord II (HKLM-x32\...\Steam App 12810) (Version:  - Triumph Studios)

paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)

Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)

Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)

Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden

Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Python Tools Redirection Template (x32 Version: 1.0 - Microsoft Corporation) Hidden

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden

SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)

South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)

Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)

Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version:  - Little Green Men Games)

StepMania v5.0 beta 3 (remove only) (HKLM-x32\...\StepMania 5) (Version:  - StepMania Team)

tAPI version 1.2.4.1 r14a (HKLM-x32\...\{6D47E78A-A9FE-41B8-A5C6-8A6A04FB8F71}_is1) (Version: 1.2.4.1 r14a - tAPI Development Team)

Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

Terraria Game Launcher version 3.2.1.4 (HKLM-x32\...\{31D22D10-7FD2-401B-8AEA-D20A1A9A440E}_is1) (Version: 3.2.1.4 - Eikester)

The Amazing Spider-Man 2 (HKLM-x32\...\Steam App 267550) (Version:  - Beenox)

The Golf Club (HKLM-x32\...\Steam App 269730) (Version:  - HB Studios)

TikiOne Steam Cleaner (HKLM-x32\...\TikiOneSteamCleaner) (Version:  - Jonathan Lermitage)

Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)

TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden

Unity Web Player (HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)

VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

Wi-Fi GO! (HKLM-x32\...\{F5A3E41B-64E8-45BC-806C-57C81DED4409}) (Version: 4.01.15 - ASUSTeK Computer Inc.)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

WinDirStat 1.1.2 (HKU\S-1-5-21-1314618202-1260968748-905553310-1000\...\WinDirStat) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

13-01-2015 19:05:16 Windows Update

13-01-2015 21:12:07 Installed Dimmdrive

14-01-2015 22:55:33 Installed DirectX

14-01-2015 23:17:21 Removed NVIDIA PhysX

14-01-2015 23:17:42 Installed NVIDIA PhysX

16-01-2015 19:41:08 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-01-10 15:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1CAE1BD0-56CE-483C-9F83-D59EDDB1566B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)

Task: {4217C383-76BC-4111-8B2D-49381ECEABC7} - System32\Tasks\{A2A3AC5F-8D53-4229-B2AC-E59632D51B00} => E:\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe [2014-12-28] ()

Task: {4A70A26C-BB71-4972-8B42-CA3414F0870D} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server Launcher.exe [2014-01-22] (ASUSTeK Computer Inc.)

Task: {73DD321B-B7D7-462C-AEE8-AACBA4343F01} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()

Task: {A6EEA9F9-71CE-42BE-AAED-C5E3C4572B18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)

Task: {B60007DC-C4DE-4BB8-BC0C-74E5BB6F5918} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)

Task: {C3970C13-1FA1-47D3-8DF8-D07D1897110C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-04-19] ()

Task: {CF1B18E8-9A90-41DE-A889-89010B2DF7C0} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-04-15] (ASUSTeK Computer Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-09-06 17:12 - 2014-12-13 02:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-11-04 17:54 - 2009-11-26 01:09 - 00053760 _____ () C:\Windows\System32\DLEEPMON.DLL

2014-11-04 17:54 - 2009-01-13 08:15 - 05709824 _____ () C:\Windows\System32\DLEEOEM.DLL

2014-11-04 17:54 - 2009-11-26 01:07 - 00081408 _____ () C:\Program Files (x86)\Dell V715w\ipcmt64.dll

2014-11-04 17:24 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleedrpp.dll

2014-10-22 18:12 - 2014-01-21 20:33 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

2014-09-06 18:09 - 2013-04-19 16:30 - 01218360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe

2014-10-13 22:46 - 2014-10-13 22:46 - 00023872 _____ () D:\DIMMDRIVE\ddservice.exe

2014-09-18 01:23 - 2014-09-18 01:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2014-10-14 12:51 - 2014-10-14 12:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2014-09-18 01:23 - 2014-09-18 01:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2014-10-14 12:51 - 2014-10-14 12:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2014-11-08 13:37 - 2014-11-08 13:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-10-22 18:13 - 2014-05-23 09:44 - 00039736 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe

2014-10-22 18:13 - 2014-01-22 10:35 - 00258048 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\x64\S5wow_2005.exe

2014-09-06 18:09 - 2013-04-19 16:30 - 01220408 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe

2014-10-22 18:12 - 2015-01-14 18:30 - 00036496 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll

2014-10-22 18:12 - 2014-01-21 20:33 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

2014-09-06 18:08 - 2013-04-15 14:47 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll

2014-09-06 18:08 - 2013-03-13 17:12 - 00870912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll

2014-09-06 18:09 - 2013-04-19 18:30 - 02626048 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll

2014-09-06 18:09 - 2013-03-28 16:16 - 01111040 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll

2014-09-06 18:09 - 2013-04-02 17:32 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll

2014-09-06 18:07 - 2013-04-15 00:47 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll

2014-09-06 18:08 - 2013-04-15 14:47 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll

2014-09-06 18:10 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll

2014-09-06 18:08 - 2013-04-15 14:47 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll

2014-09-06 18:08 - 2013-04-15 14:47 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll

2014-09-06 18:11 - 2012-11-29 12:44 - 00062976 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll

2014-09-06 18:10 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll

2014-09-06 18:10 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00497664 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\vvc2.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll

2014-09-06 18:09 - 2013-04-19 18:05 - 00784384 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00769024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll

2014-09-06 18:09 - 2013-04-19 16:30 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll

2014-10-22 18:13 - 2014-01-22 10:35 - 00339968 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\AudioProjection.dll

2014-10-22 18:13 - 2014-01-22 10:35 - 00067584 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\CoreAudioCap.dll

2014-10-22 18:13 - 2014-01-22 10:35 - 00176128 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\DLCapPP.dll

2014-10-22 18:13 - 2014-01-22 10:35 - 00425984 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\awiscale.DLL

2014-10-22 18:13 - 2014-01-22 10:35 - 00221184 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\JpegCD.DLL

2014-10-22 18:13 - 2014-01-22 10:36 - 02502656 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\xH264E.DLL

2014-10-22 18:13 - 2014-01-22 10:36 - 00475136 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFiGO_HookKey.dll

2014-10-22 18:13 - 2014-01-22 10:34 - 00160256 _____ () C:\Program Files (x86)\InstallShield Installation Information\{F5A3E41B-64E8-45BC-806C-57C81DED4409}\CloudAPI\CloudAPI.dll

2014-10-22 18:13 - 2014-01-22 10:36 - 00753664 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiMoveHelp.dll

2014-10-22 18:13 - 2014-01-22 10:35 - 00684032 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\PhoneCtrlAPI.dll

2014-09-06 16:45 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-01-10 15:51 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2015-01-10 15:51 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2015-01-10 15:51 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2015-01-10 15:51 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2015-01-10 16:47 - 2014-12-05 19:50 - 00146760 _____ () C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll

2015-01-10 16:47 - 2014-09-25 10:53 - 06572360 _____ () C:\Users\Donovan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdm.dll

2014-08-21 17:14 - 2014-12-01 15:31 - 02396672 _____ () E:\Steam\libavcodec-56.dll

2014-08-21 17:14 - 2014-12-01 15:31 - 00442880 _____ () E:\Steam\libavutil-54.dll

2014-08-21 17:14 - 2014-12-01 15:31 - 00479744 _____ () E:\Steam\libavformat-56.dll

2014-08-21 17:14 - 2014-12-01 15:31 - 00332800 _____ () E:\Steam\libavresample-2.dll

2014-06-11 18:44 - 2014-11-11 12:47 - 00774656 _____ () E:\Steam\SDL2.dll

2014-12-06 17:54 - 2014-12-01 18:29 - 05002752 _____ () E:\Steam\v8.dll

2014-12-06 17:54 - 2014-12-01 18:29 - 01612800 _____ () E:\Steam\icui18n.dll

2014-12-06 17:54 - 2014-12-01 18:29 - 01210368 _____ () E:\Steam\icuuc.dll

2014-06-11 18:44 - 2015-01-15 20:58 - 02227904 _____ () E:\Steam\video.dll

2014-08-21 17:14 - 2014-12-01 15:31 - 00485888 _____ () E:\Steam\libswscale-3.dll

2014-06-11 18:44 - 2015-01-15 20:57 - 00696000 _____ () E:\Steam\bin\chromehtml.DLL

2014-06-11 18:44 - 2015-01-15 17:42 - 34641288 _____ () E:\Steam\bin\libcef.dll

2014-07-27 15:46 - 2015-01-15 17:42 - 01709960 _____ () E:\Steam\bin\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: dleeCATSCustConnectService => 2

MSCONFIG\Services: dlee_device => 2

MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

MSCONFIG\startupreg: ASUS WiFi GO! FileTransfer Execute => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\WiFileTransfer.exe

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: Dell V715w => "C:\Program Files (x86)\Dell V715w\fm3032.exe" /s

MSCONFIG\startupreg: dleemon.exe => "C:\Program Files (x86)\Dell V715w\dleemon.exe"

MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V715w\ezprint.exe"

MSCONFIG\startupreg: GeDoSaToTool => E:\Steam\SteamApps\common\FINAL FANTASY XIII\GeDoSaTo\GeDoSaToTool.exe -m

MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1314618202-1260968748-905553310-500 - Administrator - Disabled)

Donovan (S-1-5-21-1314618202-1260968748-905553310-1000 - Administrator - Enabled) => C:\Users\Donovan

Guest (S-1-5-21-1314618202-1260968748-905553310-501 - Limited - Disabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/16/2015 08:09:34 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Steam.exe version 2.58.6.47 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 36e8

 

Start Time: 01d031f8262a3de1

 

Termination Time: 10

 

Application Path: E:\Steam\Steam.exe

 

Report Id: dfb39c1a-9ded-11e4-8ca0-240a641acef9

 

Error: (01/16/2015 07:30:16 PM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/15/2015 05:38:54 AM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/15/2015 00:27:03 AM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/14/2015 11:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Overlord2.exe, version: 0.0.0.0, time stamp: 0x4a254d52

Faulting module name: MSVCR80.dll, version: 8.0.50727.6229, time stamp: 0x4ec352ab

Exception code: 0x80000003

Fault offset: 0x00008848

Faulting process id: 0x30fc

Faulting application start time: 0xOverlord2.exe0

Faulting application path: Overlord2.exe1

Faulting module path: Overlord2.exe2

Report Id: Overlord2.exe3

 

Error: (01/14/2015 11:02:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Overlord2.exe, version: 0.0.0.0, time stamp: 0x4a254d52

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x00038e19

Faulting process id: 0x2bb8

Faulting application start time: 0xOverlord2.exe0

Faulting application path: Overlord2.exe1

Faulting module path: Overlord2.exe2

Report Id: Overlord2.exe3

 

Error: (01/14/2015 11:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Overlord2.exe, version: 0.0.0.0, time stamp: 0x4a254d52

Faulting module name: MSVCR80.dll, version: 8.0.50727.6229, time stamp: 0x4ec352ab

Exception code: 0x80000003

Fault offset: 0x00008848

Faulting process id: 0x2ed0

Faulting application start time: 0xOverlord2.exe0

Faulting application path: Overlord2.exe1

Faulting module path: Overlord2.exe2

Report Id: Overlord2.exe3

 

Error: (01/14/2015 10:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Overlord2.exe, version: 0.0.0.0, time stamp: 0x4a254d52

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x00038e19

Faulting process id: 0x2934

Faulting application start time: 0xOverlord2.exe0

Faulting application path: Overlord2.exe1

Faulting module path: Overlord2.exe2

Report Id: Overlord2.exe3

 

Error: (01/14/2015 10:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Overlord2.exe, version: 0.0.0.0, time stamp: 0x4a254d52

Faulting module name: MSVCR80.dll, version: 8.0.50727.6229, time stamp: 0x4ec352ab

Exception code: 0x80000003

Fault offset: 0x00008848

Faulting process id: 0x2edc

Faulting application start time: 0xOverlord2.exe0

Faulting application path: Overlord2.exe1

Faulting module path: Overlord2.exe2

Report Id: Overlord2.exe3

 

Error: (01/14/2015 10:56:16 PM) (Source: MsiInstaller) (EventID: 1013) (User: Donovans-PC)

Description: Product: NVIDIA PhysX -- Installation terminated

 

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

Error: (01/16/2015 08:09:34 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Steam.exe2.58.6.4736e801d031f8262a3de110E:\Steam\Steam.exedfb39c1a-9ded-11e4-8ca0-240a641acef9

 

Error: (01/16/2015 07:30:16 PM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/15/2015 05:38:54 AM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/15/2015 00:27:03 AM) (Source: Service1) (EventID: 0) (User: )

Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.

   at Service.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)

   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

 

Error: (01/14/2015 11:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Overlord2.exe0.0.0.04a254d52MSVCR80.dll8.0.50727.62294ec352ab800000030000884830fc01d03080881cd684E:\Steam\steamapps\common\Overlord II\Overlord2.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dllc79cada7-9c73-11e4-8ca0-240a641acef9

 

Error: (01/14/2015 11:02:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Overlord2.exe0.0.0.04a254d52ntdll.dll6.1.7601.18247521ea8e7c000000500038e192bb801d030806a3f8958E:\Steam\steamapps\common\Overlord II\Overlord2.exeC:\Windows\SysWOW64\ntdll.dllaf20f895-9c73-11e4-8ca0-240a641acef9

 

Error: (01/14/2015 11:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Overlord2.exe0.0.0.04a254d52MSVCR80.dll8.0.50727.62294ec352ab80000003000088482ed001d030803799a5a7E:\Steam\steamapps\common\Overlord II\Overlord2.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll795392a6-9c73-11e4-8ca0-240a641acef9

 

Error: (01/14/2015 10:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Overlord2.exe0.0.0.04a254d52ntdll.dll6.1.7601.18247521ea8e7c000000500038e19293401d0307fb4ecabaeE:\Steam\steamapps\common\Overlord II\Overlord2.exeC:\Windows\SysWOW64\ntdll.dllf7ceec5a-9c72-11e4-8ca0-240a641acef9

 

Error: (01/14/2015 10:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Overlord2.exe0.0.0.04a254d52MSVCR80.dll8.0.50727.62294ec352ab80000003000088482edc01d0307fafe6a110E:\Steam\steamapps\common\Overlord II\Overlord2.exeC:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dllf018161c-9c72-11e4-8ca0-240a641acef9

 

Error: (01/14/2015 10:56:16 PM) (Source: MsiInstaller) (EventID: 1013) (User: Donovans-PC)

Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-14 21:36:09.886

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-14 20:02:35.740

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-14 19:51:12.602

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-14 18:30:58.084

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 22:42:20.749

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 21:50:03.502

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 21:39:33.245

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 21:21:15.234

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 21:13:53.026

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-13 19:19:53.224

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4670K CPU @ 3.40GHz

Percentage of memory in use: 24%

Total physical RAM: 32705.4 MB

Available physical RAM: 24757.18 MB

Total Pagefile: 33503.58 MB

Available Pagefile: 25188.44 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:70.66 GB) NTFS

Drive d: (MEGA_MAN) (Fixed) (Total:2794.39 GB) (Free:1201.99 GB) NTFS

Drive e: (STEAM SSD) (Fixed) (Total:931.51 GB) (Free:116.86 GB) NTFS

Drive f: (DRAGON_BALL) (Fixed) (Total:2794.39 GB) (Free:2691.51 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 147E482C)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2794.5 GB) (Disk ID: B0E2B9F7)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 495E9931)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

========================================================

Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Reset Chrome startup URLs to clear "hxxps://sasktenders....c/Search.aspx", which is a suspicious link and really should not be running at startup. Instructions here: https://support.google.com/chrome/answer/95314?rd=1

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC, then try again...
 

Thanks,

 

Kevin...

Fixlist.txt


 Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 TikiOne Steam Cleaner   

 Java 7 Update 71  

 Visual Studio Extensions for Windows Library for JavaScript 

 Mozilla Thunderbird (31.4.0) 

 Google Chrome (39.0.2171.95) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

Sorry, totally forgot about that one. Here it is:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01

Ran by Donovan at 2015-01-17 16:40:03 Run:1

Running from C:\Users\Donovan\Desktop\Cleaners

Loaded Profiles: Donovan (Available profiles: Donovan)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1314618202-1260968748-905553310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

C:\Users\Donovan\AppData\Local\Temp\CH.dll

Emptytemp:

end

 

 

 

*****************

 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKU\S-1-5-21-1314618202-1260968748-905553310-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

C:\Users\Donovan\AppData\Local\Temp\CH.dll => Moved successfully.

EmptyTemp: => Removed 1.4 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 16:40:16 ====


Thanks for the update, just need to clean up....

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thank you,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.