KakOkA

Members
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About KakOkA

  • Rank
    Newbie
  1. Thank you very much. What you've done is much appreciated! All the best. ☺
  2. Everything seems to be smooth now.. No more ads from these guys, thank you very much for your work !! Awaiting your instructions for uninstallation of FRST.
  3. Thanks again for your quick response. 1. Here is the fixlog report: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015 Ran by neidk_000 at 2015-01-12 20:59:58 Run:2 Running from C:\Users\neidk_000\Desktop Loaded Profile: neidk_000 (Available profiles: neidk_000) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Program Files (x86)\sAlEpruizEss C:\Program Files (x86)\brOOwwseaandshoP C:\ProgramData\sAlEpruizEss C:\ProgramData\brOOwwseaandshoP C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb ***************** C:\Program Files (x86)\sAlEpruizEss => Moved successfully. C:\Program Files (x86)\brOOwwseaandshoP => Moved successfully. C:\ProgramData\sAlEpruizEss => Moved successfully. C:\ProgramData\brOOwwseaandshoP => Moved successfully. C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb => Moved successfully. ==== End of Fixlog 20:59:58 ==== 2. I've done a full scan with both of these and there was nothing infected and/or malicious found. Here is the report from Malwarebytes : Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/01/2015 Scan Time: 21:05:00 Logfile: Malwarebytes.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.12.08 Rootkit Database: v2015.01.07.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: neidk_000 Scan Type: Threat Scan Result: Completed Objects Scanned: 363202 Time Elapsed: 8 min, 20 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) 3. Here is the report from ESET Online Scanner, these were the threats found (haven't removed them yet) : C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf\163\KtbcxK.js JS/Kryptik.ATB trojan C:\Users\neidk_000\AppData\Local\Microsoft\Windows\INetCache\IE\5PTUR3TZ\ReimagePackage1803x64b[1].exe a variant of Win32/ReImageRepair.B potentially unwanted application C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe a variant of Win32/ReImageRepair.B potentially unwanted application C:\Users\neidk_000\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\neidk_000\Downloads\setup_syncios.exe a variant of Win32/OpenCandy.C potentially unsafe application C:\Users\neidk_000\Downloads\smart-defrag-setup.exe a variant of Win32/OpenCandy.C potentially unsafe application 4. FRST.TXT: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 Ran by neidk_000 (administrator) on AYYA-LAPTOP on 12-01-2015 22:54:50 Running from C:\Users\neidk_000\Desktop Loaded Profile: neidk_000 (Available profiles: neidk_000) Platform: Windows 8.1 (X64) OS Language: Anglais (États-Unis) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe ( ) C:\Windows\System32\lxdncoms.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\neidk_000\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] () HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{566FF924-4929-471D-A511-91D26E3B30EC}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> DefaultScope {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL = SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30] CHR Extension: (Google Docs) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30] CHR Extension: (YouTube) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30] CHR Extension: (Recherche Google) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30] CHR Extension: (Google Sheets) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30] CHR Extension: (Barre de Confiance CM-CIC) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjkhaeogkeelkioellpgcebmekedpag [2014-08-30] CHR Extension: (1click timer) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] () R2 lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [1039872 2007-11-28] ( ) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed] R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3885264 2013-08-29] (Qualcomm Atheros, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300352 2014-11-13] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 Razerlow; C:\Windows\system32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-12 22:54 - 2015-01-12 22:55 - 00018627 _____ () C:\Users\neidk_000\Desktop\FRST.txt 2015-01-12 22:52 - 2015-01-12 22:52 - 00000776 _____ () C:\Users\neidk_000\Desktop\EST Report.txt 2015-01-12 21:16 - 2015-01-12 21:16 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-12 21:15 - 2015-01-12 21:15 - 00000000 __SHD () C:\Users\neidk_000\AppData\Local\EmieBrowserModeList 2015-01-12 21:14 - 2015-01-12 21:14 - 00001053 _____ () C:\Users\neidk_000\Desktop\Malwarebytes.txt 2015-01-12 21:03 - 2015-01-12 21:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-12 21:03 - 2015-01-12 21:03 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-12 21:03 - 2015-01-12 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-12 21:03 - 2015-01-12 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-12 21:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-12 21:03 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-12 21:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-12 21:00 - 2015-01-12 21:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028 (1).exe 2015-01-11 21:43 - 2015-01-12 22:54 - 00000000 ____D () C:\FRST 2015-01-11 21:43 - 2015-01-11 21:44 - 00039321 _____ () C:\Users\neidk_000\Downloads\Addition.txt 2015-01-11 21:43 - 2015-01-11 21:44 - 00030864 _____ () C:\Users\neidk_000\Downloads\FRST.txt 2015-01-11 21:42 - 2015-01-11 21:42 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe 2015-01-11 21:40 - 2015-01-11 21:40 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Lavasoft 2015-01-11 21:25 - 2015-01-12 18:52 - 00002355 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\LavasoftStatistics 2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-01-11 21:23 - 2015-01-11 21:23 - 00000000 ____D () C:\Program Files\Lavasoft 2015-01-11 21:21 - 2015-01-11 21:21 - 02124288 _____ (Farbar) C:\Users\neidk_000\Desktop\FRST64 (1).exe 2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-01-11 21:20 - 2015-01-11 21:20 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-01-11 21:19 - 2015-01-11 21:19 - 01707144 _____ () C:\Users\neidk_000\Downloads\Adaware_Installer-11.2.5952.exe 2015-01-11 21:18 - 2015-01-11 21:18 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64.exe 2015-01-11 21:10 - 2015-01-11 21:12 - 00000000 ____D () C:\AdwCleaner 2015-01-11 21:08 - 2015-01-11 21:09 - 02173952 _____ () C:\Users\neidk_000\Downloads\AdwCleaner-4.106.exe 2015-01-11 20:10 - 2015-01-11 20:10 - 00775968 _____ (Reimage®) C:\Users\neidk_000\Downloads\ReimageRepair.exe 2015-01-11 18:12 - 2015-01-12 18:11 - 00014744 _____ () C:\WINDOWS\PFRO.log 2015-01-11 18:12 - 2015-01-11 18:13 - 00480024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-11 17:56 - 2015-01-11 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-11 17:48 - 2015-01-11 17:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setupact.log 2015-01-07 17:58 - 2015-01-11 21:38 - 00000000 ____D () C:\Program Files (x86)\desktopbeautifier 2015-01-06 21:39 - 2015-01-06 21:39 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Macromedia 2015-01-02 16:54 - 2015-01-02 16:54 - 00002393 _____ () C:\Users\neidk_000\Documents\MumbleAutomaticCertificateBackup.p12 2015-01-02 16:53 - 2015-01-03 14:12 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mumble 2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files (x86)\Mumble 2015-01-02 16:35 - 2015-01-02 16:36 - 16232960 _____ () C:\Users\neidk_000\Downloads\mumble_1-2-7_fr_43179.msi 2015-01-02 12:38 - 2015-01-02 12:38 - 00011361 _____ () C:\Users\neidk_000\Downloads\WarriorProcAlert-r67.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 01322876 _____ () C:\Users\neidk_000\Downloads\DBM-4.52-r4442-Core-and-##No spam-Mods.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 00357076 _____ () C:\Users\neidk_000\Downloads\Recount-v4.0.1_release.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 00071612 _____ () C:\Users\neidk_000\Downloads\omnicc-6.0.10.zip 2015-01-01 16:34 - 2015-01-01 16:34 - 00000000 ____D () C:\Users\neidk_000\Downloads\realmlist 2015-01-01 16:33 - 2015-01-01 16:33 - 00000117 _____ () C:\Users\neidk_000\Downloads\realmlist.rar 2015-01-01 16:27 - 2015-01-01 16:27 - 00002030 _____ () C:\Users\neidk_000\Desktop\World of Warcraft 3.3.5 Ivalice - Raccourci.lnk 2015-01-01 16:27 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment 2014-12-29 18:07 - 2014-12-29 18:07 - 00063589 _____ () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice_open.torrent 2014-12-29 18:07 - 2014-12-29 18:07 - 00000000 ____D () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice 2014-12-22 18:35 - 2014-12-22 18:35 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\4kdownload.com 2014-12-22 18:27 - 2014-12-22 18:29 - 23859608 _____ (Open Media LLC ) C:\Users\neidk_000\Downloads\4kvideodownloader_3.4.exe 2014-12-20 01:36 - 2015-01-12 18:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-12-15 23:21 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 23:21 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-14 18:59 - 2015-01-09 21:01 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\TS3Client 2014-12-14 12:00 - 2015-01-12 19:32 - 01626159 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-14 11:34 - 2014-12-14 11:34 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\GlarySoft 2014-12-14 10:37 - 2014-12-14 10:37 - 00000000 ____D () C:\ProgramData\IObit 2014-12-14 10:37 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2014-12-14 10:37 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\IObit 2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-12-14 10:35 - 2014-12-14 10:36 - 12270960 _____ (IObit ) C:\Users\neidk_000\Downloads\smart-defrag-setup.exe 2014-12-14 09:51 - 2014-12-14 09:51 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-14 09:50 - 2014-12-14 09:52 - 17528608 _____ (IObit) C:\Users\neidk_000\Downloads\iobituninstaller.exe 2014-12-14 09:49 - 2014-12-14 09:50 - 05162080 _____ (Piriform Ltd) C:\Users\neidk_000\Downloads\ccsetup500.exe 2014-12-14 09:47 - 2015-01-11 21:04 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\DigitalVolcano 2014-12-14 09:45 - 2014-12-14 09:45 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\neidk_000\Downloads\DuplicateCleaner_setup [1].exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-12 22:27 - 2014-08-30 10:11 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-12 22:15 - 2014-05-10 22:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-12 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-12 21:48 - 2014-08-29 19:00 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2221901762-3814291360-2724073944-1008 2015-01-12 19:04 - 2014-10-13 11:39 - 00005100 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop 2015-01-12 18:58 - 2014-08-30 10:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-12 18:53 - 2014-08-29 18:57 - 00000000 ___DO () C:\Users\neidk_000\OneDrive 2015-01-12 18:52 - 2014-03-09 04:26 - 00000360 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job 2015-01-12 18:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-12 18:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-12 18:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-12 18:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-12 18:14 - 2014-08-29 20:22 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C1D29E9-C5FF-48A4-BBAC-153ABBB78187} 2015-01-11 21:05 - 2014-09-15 14:54 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mozilla 2015-01-11 21:05 - 2014-06-30 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-11 18:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2015-01-11 17:45 - 2014-08-29 20:21 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\CrashDumps 2015-01-09 21:01 - 2014-09-16 22:59 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\uTorrent 2014-12-31 12:14 - 2014-05-12 19:19 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-23 19:25 - 2014-09-25 08:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-20 13:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-19 23:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-17 18:06 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-12-16 20:12 - 2014-09-28 17:53 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Battle.net 2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-14 10:30 - 2014-03-09 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled 2014-12-14 10:14 - 2014-05-12 20:21 - 00000000 ____D () C:\WINDOWS\Minidump 2014-12-14 10:14 - 2014-03-09 03:33 - 00000000 ___DC () C:\WINDOWS\Panther 2014-12-14 10:14 - 2013-04-25 00:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-12-13 17:28 - 2014-08-30 10:21 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk Some content of TEMP: ==================== C:\Users\neidk_000\AppData\Local\Temp\Quarantine.exe C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe C:\Users\neidk_000\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-12 18:21 ==================== End Of Log ============================ Addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 Ran by neidk_000 at 2015-01-12 22:55:19 Running from C:\Users\neidk_000\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden µTorrent (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.) Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft) AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\{1AE65157-6E14-49AF-98DF-447927FBC142}) (Version: 0.7.9.844 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1304.1501 - Micro-Star International Co., Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hybrid Power (HKLM-x32\...\InstallShield_{C07F934A-3253-4740-86B8-22BA5F571E6E}) (Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hybrid Power (x32 Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) KLM (x32 Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mises à jour NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI) MSI Social Media Collection (HKLM-x32\...\{5EE31A9B-EA26-41EA-B4B6-73910C5E06DC}) (Version: 1.13.0123 - MSI) Mumble 1.2.7 (HKLM-x32\...\{1FC198EF-5C3F-4C2A-99AC-22DE9B3FBFDE}) (Version: 1.2.7 - Thorvald Natvig) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Pilote audio HD : 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA Pilote graphique 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Panneau de configuration NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1027 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.) SCM (HKLM\...\{5172DE8A-2640-474E-B89F-A04A90312A74}) (Version: 10.013.04183 - Application) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment) Xilisoft Convertisseur Audio Pro (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Xilisoft Convertisseur Audio Pro) (Version: 6.5.0.20131129 - Xilisoft) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 28-12-2014 17:53:32 Scheduled Checkpoint 02-01-2015 16:41:40 Installed Mumble 1.2.7 11-01-2015 18:56:53 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0A9CA613-AEEE-46B3-983B-059BB605F10F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated) Task: {33AC9125-901C-4F49-B513-3B0E318B3CB0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {411DB85B-A13D-4B3D-A66B-5844C944FD4E} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe Task: {42D418C7-EED1-49A6-A203-0F73C3E9C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {470FC0D9-ECC6-423D-AE36-A5BACB5A6364} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {4C4A48F0-005C-44E6-A3E3-F4542B3A9CD8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {84DBC868-4B4A-4CBF-AC88-213B1FD13728} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B00C335E-DB90-4A25-BF31-DEC2515093AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation) Task: {CEF85E56-852B-44AA-B5B9-6973659344AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {D8032F32-6996-4163-BF44-03E846086D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {DA52A849-A2FB-46D4-815C-65D8D8312F2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {DF9A794A-A359-4224-8994-F97663F8FC6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {EE4CFE7A-1166-4536-B24B-060F687413AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {FA2926E2-7D40-473A-AA33-51FF71C33274} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {FBF221CE-6C8C-4ABB-8932-7CFA023FD5E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-24 23:29 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-03-24 23:35 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-10 12:21 - 2009-08-13 11:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdndrpp.dll 2014-09-26 11:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-04-24 23:29 - 2012-11-01 19:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe 2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll 2013-09-20 16:51 - 2013-09-20 16:51 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 23:29 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2013-04-24 23:12 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\neidk_000\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2221901762-3814291360-2724073944-500 - Administrator - Disabled) Guest (S-1-5-21-2221901762-3814291360-2724073944-501 - Limited - Disabled) neidk_000 (S-1-5-21-2221901762-3814291360-2724073944-1008 - Administrator - Enabled) => C:\Users\neidk_000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/12/2015 09:16:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: La création du contexte d’activation a échoué pour « C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2 » à la ligne C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/12/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01 Nom du module défaillant : delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00037db3 ID du processus défaillant : 0x1964 Heure de début de l’application défaillante : 0xdelegate_execute.exe0 Chemin d’accès de l’application défaillante : delegate_execute.exe1 Chemin d’accès du module défaillant: delegate_execute.exe2 ID de rapport : delegate_execute.exe3 Nom complet du package défaillant : delegate_execute.exe4 ID de l’application relative au package défaillant : delegate_execute.exe5 Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 System errors: ============= Error: (01/12/2015 06:52:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/12/2015 06:52:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/12/2015 06:51:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/12/2015 06:11:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/12/2015 06:11:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/11/2015 10:16:45 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/11/2015 10:16:45 PM) (Source: DCOM) (EventID: 10010) (User: AYYA-LAPTOP) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (01/11/2015 10:16:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Microsoft Office Sessions: ========================= Error: (01/12/2015 09:16:59 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\neidk_000\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe Error: (01/12/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500037db3196401d02dbde9974f2fC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe2bd7641c-99b1-11e4-bea9-8c89a50b21a3 Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 CodeIntegrity Errors: =================================== Date: 2015-01-02 16:54:33.425 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:17.310 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:16.214 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:15.066 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 23:17:42.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-31 23:17:42.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 14:06:50.111 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 14:06:49.962 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-14 19:02:14.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-14 19:01:33.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz Percentage of memory in use: 42% Total physical RAM: 8079.39 MB Available physical RAM: 4685.48 MB Total Pagefile: 9359.39 MB Available Pagefile: 6452.15 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:418.84 GB) (Free:303.65 GB) NTFS Drive d: (Data) (Fixed) (Total:259.59 GB) (Free:152.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 457CE740) Partition: GPT Partition Type. ==================== End Of Log ============================ Thanks for the work ! ☺
  4. Thanks for your prompt response. Yes, I let Adwcleaner remove everything it found. I have taken off the synchronization for extensions/parameters in Chrome, and deleted Firefox from my computer, as I have no use for it. Here is the fixlog report: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015 Ran by neidk_000 at 2015-01-12 18:51:34 Run:1 Running from C:\Users\neidk_000\Desktop Loaded Profile: neidk_000 (Available profiles: neidk_000) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL = Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Folder: C:\Program Files (x86)\sAlEpruizEss Folder: C:\Program Files (x86)\brOOwwseaandshoP Folder: C:\ProgramData\sAlEpruizEss Folder: C:\ProgramData\brOOwwseaandshoP Folder: C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully. C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B525AD4-BE12-4287-BFEC-8D30A20D68B5}" => Key deleted successfully. HKCR\CLSID\{4B525AD4-BE12-4287-BFEC-8D30A20D68B5} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. ========================= Folder: C:\Program Files (x86)\sAlEpruizEss ======================== ====== End of Folder: ====== ========================= Folder: C:\Program Files (x86)\brOOwwseaandshoP ======================== ====== End of Folder: ====== ========================= Folder: C:\ProgramData\sAlEpruizEss ======================== ====== End of Folder: ====== ========================= Folder: C:\ProgramData\brOOwwseaandshoP ======================== ====== End of Folder: ====== ========================= Folder: C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb ======================== 2015-01-08 19:08 - 2015-01-08 19:08 - 0022155 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\Az2al.js 2015-01-08 19:08 - 2015-01-08 19:08 - 0000112 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\background.html 2015-01-08 19:08 - 2015-01-08 19:08 - 0000360 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\IDskf4E7u.js 2015-01-08 19:08 - 2015-01-08 19:08 - 0000364 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\lS8kn0.js 2015-01-08 19:08 - 2015-01-08 19:08 - 0000839 _____ () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb\manifest.json ====== End of Folder: ====== The system needed a reboot. ==== End of Fixlog 18:51:34 ====
  5. Hello, I'm struggling since a few weeks getting rid of these ads and questionnaries randomly popping when I go into regular website.. "ads by lowprices" is what appear on the top right corner of each add. And I have a lot of advertisment links to "buzzwok.com" I've done a complete scan with Ad Aware, and here are the reports from FRST. FRST.txt : Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 Ran by neidk_000 (administrator) on AYYA-LAPTOP on 11-01-2015 21:43:13 Running from C:\Users\neidk_000\Downloads Loaded Profile: neidk_000 (Available profiles: neidk_000) Platform: Windows 8.1 (X64) OS Language: Anglais (États-Unis) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe ( ) C:\Windows\System32\lxdncoms.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] () HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.) HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{566FF924-4929-471D-A511-91D26E3B30EC}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File BootExecute: autocheck autochk * bddel.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008 -> {4B525AD4-BE12-4287-BFEC-8D30A20D68B5} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30] CHR Extension: (Google Docs) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30] CHR Extension: (YouTube) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30] CHR Extension: (Recherche Google) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30] CHR Extension: (Google Sheets) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30] CHR Extension: (Barre de Confiance CM-CIC) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjkhaeogkeelkioellpgcebmekedpag [2014-08-30] CHR Extension: (1click timer) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\neidk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] () R2 lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [1039872 2007-11-28] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed] R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3885264 2013-08-29] (Qualcomm Atheros, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI) R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300352 2014-11-13] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 Razerlow; C:\Windows\system32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-11 21:43 - 2015-01-11 21:43 - 00018727 _____ () C:\Users\neidk_000\Downloads\FRST.txt 2015-01-11 21:43 - 2015-01-11 21:43 - 00000000 ____D () C:\FRST 2015-01-11 21:42 - 2015-01-11 21:42 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (2).exe 2015-01-11 21:40 - 2015-01-11 21:40 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Lavasoft 2015-01-11 21:38 - 2015-01-11 21:38 - 00027112 _____ () C:\WINDOWS\system32\bddel.exe 2015-01-11 21:38 - 2015-01-11 21:38 - 00008556 _____ () C:\WINDOWS\system32\bddel.dat 2015-01-11 21:25 - 2015-01-11 21:25 - 00002355 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\LavasoftStatistics 2015-01-11 21:25 - 2015-01-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-01-11 21:23 - 2015-01-11 21:23 - 00000000 ____D () C:\Program Files\Lavasoft 2015-01-11 21:21 - 2015-01-11 21:21 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64 (1).exe 2015-01-11 21:21 - 2015-01-11 21:21 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-01-11 21:20 - 2015-01-11 21:20 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-01-11 21:19 - 2015-01-11 21:19 - 01707144 _____ () C:\Users\neidk_000\Downloads\Adaware_Installer-11.2.5952.exe 2015-01-11 21:18 - 2015-01-11 21:18 - 02124288 _____ (Farbar) C:\Users\neidk_000\Downloads\FRST64.exe 2015-01-11 21:10 - 2015-01-11 21:12 - 00000000 ____D () C:\AdwCleaner 2015-01-11 21:08 - 2015-01-11 21:09 - 02173952 _____ () C:\Users\neidk_000\Downloads\AdwCleaner-4.106.exe 2015-01-11 20:10 - 2015-01-11 20:10 - 00775968 _____ (Reimage®) C:\Users\neidk_000\Downloads\ReimageRepair.exe 2015-01-11 18:12 - 2015-01-11 21:13 - 00007438 _____ () C:\WINDOWS\PFRO.log 2015-01-11 18:12 - 2015-01-11 18:13 - 00480024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-11 17:56 - 2015-01-11 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-11 17:48 - 2015-01-11 17:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\neidk_000\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-10 13:31 - 2015-01-10 13:31 - 00000000 _____ () C:\WINDOWS\setupact.log 2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\Program Files (x86)\sAlEpruizEss 2015-01-09 19:13 - 2015-01-09 19:13 - 00000000 ____D () C:\Program Files (x86)\brOOwwseaandshoP 2015-01-08 19:08 - 2015-01-11 18:12 - 00000000 ____D () C:\ProgramData\sAlEpruizEss 2015-01-08 19:08 - 2015-01-11 18:12 - 00000000 ____D () C:\ProgramData\brOOwwseaandshoP 2015-01-08 19:08 - 2015-01-08 19:08 - 00000000 ____D () C:\ProgramData\lmmafcfhphogfainlmckejncjlmgnchb 2015-01-07 17:58 - 2015-01-11 21:38 - 00000000 ____D () C:\Program Files (x86)\desktopbeautifier 2015-01-06 21:39 - 2015-01-06 21:39 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Macromedia 2015-01-02 16:54 - 2015-01-02 16:54 - 00002393 _____ () C:\Users\neidk_000\Documents\MumbleAutomaticCertificateBackup.p12 2015-01-02 16:53 - 2015-01-03 14:12 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mumble 2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files (x86)\Mumble 2015-01-02 16:35 - 2015-01-02 16:36 - 16232960 _____ () C:\Users\neidk_000\Downloads\mumble_1-2-7_fr_43179.msi 2015-01-02 12:38 - 2015-01-02 12:38 - 00011361 _____ () C:\Users\neidk_000\Downloads\WarriorProcAlert-r67.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 01322876 _____ () C:\Users\neidk_000\Downloads\DBM-4.52-r4442-Core-and-##No spam-Mods.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 00357076 _____ () C:\Users\neidk_000\Downloads\Recount-v4.0.1_release.zip 2015-01-01 23:44 - 2015-01-01 23:44 - 00071612 _____ () C:\Users\neidk_000\Downloads\omnicc-6.0.10.zip 2015-01-01 16:34 - 2015-01-01 16:34 - 00000000 ____D () C:\Users\neidk_000\Downloads\realmlist 2015-01-01 16:33 - 2015-01-01 16:33 - 00000117 _____ () C:\Users\neidk_000\Downloads\realmlist.rar 2015-01-01 16:27 - 2015-01-01 16:27 - 00002030 _____ () C:\Users\neidk_000\Desktop\World of Warcraft 3.3.5 Ivalice - Raccourci.lnk 2015-01-01 16:27 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment 2014-12-29 18:07 - 2014-12-29 18:07 - 00063589 _____ () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice_open.torrent 2014-12-29 18:07 - 2014-12-29 18:07 - 00000000 ____D () C:\Users\neidk_000\Downloads\World of Warcraft 3.3.5 Ivalice 2014-12-22 18:35 - 2014-12-22 18:35 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\4kdownload.com 2014-12-22 18:27 - 2014-12-22 18:29 - 23859608 _____ (Open Media LLC ) C:\Users\neidk_000\Downloads\4kvideodownloader_3.4.exe 2014-12-20 01:36 - 2014-12-20 01:36 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-12-15 23:21 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 23:21 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-14 18:59 - 2015-01-09 21:01 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\TS3Client 2014-12-14 12:00 - 2015-01-11 20:57 - 01430513 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-14 11:34 - 2014-12-14 11:34 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\GlarySoft 2014-12-14 10:37 - 2014-12-14 10:37 - 00000000 ____D () C:\ProgramData\IObit 2014-12-14 10:37 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2014-12-14 10:37 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe 2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\IObit 2014-12-14 10:36 - 2014-12-14 10:36 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-12-14 10:35 - 2014-12-14 10:36 - 12270960 _____ (IObit ) C:\Users\neidk_000\Downloads\smart-defrag-setup.exe 2014-12-14 09:51 - 2014-12-14 09:51 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-14 09:51 - 2014-12-14 09:51 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-14 09:50 - 2014-12-14 09:52 - 17528608 _____ (IObit) C:\Users\neidk_000\Downloads\iobituninstaller.exe 2014-12-14 09:49 - 2014-12-14 09:50 - 05162080 _____ (Piriform Ltd) C:\Users\neidk_000\Downloads\ccsetup500.exe 2014-12-14 09:47 - 2015-01-11 21:04 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\DigitalVolcano 2014-12-14 09:45 - 2014-12-14 09:45 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\neidk_000\Downloads\DuplicateCleaner_setup [1].exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-11 21:36 - 2014-10-13 11:39 - 00005098 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop 2015-01-11 21:27 - 2014-08-30 10:11 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-11 21:18 - 2014-08-29 19:00 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2221901762-3814291360-2724073944-1008 2015-01-11 21:15 - 2014-05-10 22:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-11 21:14 - 2014-08-29 18:57 - 00000000 ___DO () C:\Users\neidk_000\OneDrive 2015-01-11 21:13 - 2014-08-30 10:11 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-11 21:13 - 2014-03-09 04:26 - 00000360 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job 2015-01-11 21:13 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-11 21:12 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-11 21:05 - 2014-09-15 14:54 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\Mozilla 2015-01-11 21:05 - 2014-06-30 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-11 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-11 18:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2015-01-11 17:45 - 2014-08-29 20:21 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\CrashDumps 2015-01-11 17:36 - 2014-08-29 20:22 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1C1D29E9-C5FF-48A4-BBAC-153ABBB78187} 2015-01-09 21:01 - 2014-09-16 22:59 - 00000000 ____D () C:\Users\neidk_000\AppData\Roaming\uTorrent 2015-01-09 17:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-31 12:14 - 2014-05-12 19:19 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-23 19:25 - 2014-09-25 08:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-20 13:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-19 23:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-17 18:06 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-12-16 20:12 - 2014-09-28 17:53 - 00000000 ____D () C:\Users\neidk_000\AppData\Local\Battle.net 2014-12-15 18:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-14 12:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-14 10:30 - 2014-03-09 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled 2014-12-14 10:14 - 2014-05-12 20:21 - 00000000 ____D () C:\WINDOWS\Minidump 2014-12-14 10:14 - 2014-03-09 03:33 - 00000000 ___DC () C:\WINDOWS\Panther 2014-12-14 10:14 - 2013-04-25 00:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-12-13 17:28 - 2014-08-30 10:21 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-12-12 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-12 18:33 - 2014-03-08 21:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-12 18:28 - 2014-03-08 21:28 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-12-12 18:10 - 2013-11-14 08:28 - 02048344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-12 18:10 - 2013-02-22 10:19 - 00992884 _____ () C:\WINDOWS\system32\perfh00C.dat 2014-12-12 18:10 - 2013-02-22 10:19 - 00205286 _____ () C:\WINDOWS\system32\perfc00C.dat Some content of TEMP: ==================== C:\Users\neidk_000\AppData\Local\Temp\Quarantine.exe C:\Users\neidk_000\AppData\Local\Temp\ReimagePackage.exe C:\Users\neidk_000\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-02 16:17 ==================== End Of Log ============================ Addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015 Ran by neidk_000 at 2015-01-11 21:43:45 Running from C:\Users\neidk_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden µTorrent (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.) Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft) AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\{1AE65157-6E14-49AF-98DF-447927FBC142}) (Version: 0.7.9.844 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1304.1501 - Micro-Star International Co., Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hybrid Power (HKLM-x32\...\InstallShield_{C07F934A-3253-4740-86B8-22BA5F571E6E}) (Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hybrid Power (x32 Version: 1.0.1304.0301 - Micro-Star International Co., Ltd.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) KLM (x32 Version: 1.0.1304.2201 - Micro-Star International Co., Ltd.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mises à jour NVIDIA 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI) MSI Social Media Collection (HKLM-x32\...\{5EE31A9B-EA26-41EA-B4B6-73910C5E06DC}) (Version: 1.13.0123 - MSI) Mumble 1.2.7 (HKLM-x32\...\{1FC198EF-5C3F-4C2A-99AC-22DE9B3FBFDE}) (Version: 1.2.7 - Thorvald Natvig) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Pilote audio HD : 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA Pilote graphique 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Panneau de configuration NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.304 - Qualcomm Atheros Communications) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.0.35.1027 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.0.35.1027 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.) SCM (HKLM\...\{5172DE8A-2640-474E-B89F-A04A90312A74}) (Version: 10.013.04183 - Application) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment) Xilisoft Convertisseur Audio Pro (HKU\S-1-5-21-2221901762-3814291360-2724073944-1008\...\Xilisoft Convertisseur Audio Pro) (Version: 6.5.0.20131129 - Xilisoft) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2221901762-3814291360-2724073944-1008_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\neidk_000\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 28-12-2014 17:53:32 Scheduled Checkpoint 02-01-2015 16:41:40 Installed Mumble 1.2.7 11-01-2015 18:56:53 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {085681CF-C1D6-4990-93B8-550EACEC6D27} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation) Task: {0A9CA613-AEEE-46B3-983B-059BB605F10F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated) Task: {33AC9125-901C-4F49-B513-3B0E318B3CB0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {411DB85B-A13D-4B3D-A66B-5844C944FD4E} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe Task: {42D418C7-EED1-49A6-A203-0F73C3E9C4E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {470FC0D9-ECC6-423D-AE36-A5BACB5A6364} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {4C4A48F0-005C-44E6-A3E3-F4542B3A9CD8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {84DBC868-4B4A-4CBF-AC88-213B1FD13728} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {CEF85E56-852B-44AA-B5B9-6973659344AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {D8032F32-6996-4163-BF44-03E846086D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {DA52A849-A2FB-46D4-815C-65D8D8312F2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {DF9A794A-A359-4224-8994-F97663F8FC6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AYYA-LAPTOP-neidk_000 Ayya-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {EE4CFE7A-1166-4536-B24B-060F687413AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {FA2926E2-7D40-473A-AA33-51FF71C33274} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {FBF221CE-6C8C-4ABB-8932-7CFA023FD5E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ? Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-03-24 23:29 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-03-24 23:35 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-10 12:21 - 2009-08-13 11:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdndrpp.dll 2014-09-26 11:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-04-24 23:29 - 2012-11-01 19:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2013-09-20 16:51 - 2013-09-20 16:51 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe 2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll 2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe 2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 23:29 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-13 17:28 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll 2013-04-24 23:12 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\neidk_000\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2221901762-3814291360-2724073944-500 - Administrator - Disabled) Guest (S-1-5-21-2221901762-3814291360-2724073944-501 - Limited - Disabled) neidk_000 (S-1-5-21-2221901762-3814291360-2724073944-1008 - Administrator - Enabled) => C:\Users\neidk_000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01 Nom du module défaillant : delegate_execute.exe, version : 39.0.2171.95, horodatage : 0x54823f01 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00037db3 ID du processus défaillant : 0x1964 Heure de début de l’application défaillante : 0xdelegate_execute.exe0 Chemin d’accès de l’application défaillante : delegate_execute.exe1 Chemin d’accès du module défaillant: delegate_execute.exe2 ID de rapport : delegate_execute.exe3 Nom complet du package défaillant : delegate_execute.exe4 ID de l’application relative au package défaillant : delegate_execute.exe5 Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/06/2015 09:48:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/06/2015 09:38:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme LiveComm.exe version 17.5.9600.20689 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1194 Heure de début : 01d029d7f08801ee Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe ID de rapport : f9277efe-95e3-11e4-bea9-8c89a50b21a3 Nom complet du package défaillant : microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (01/11/2015 09:13:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Le service BlueStacks Android Service dépend du service BlueStacks Hypervisor qui n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/11/2015 09:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service BlueStacks Hypervisor n’a pas pu démarrer en raison de l’erreur : %%2 Error: (01/11/2015 09:12:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Service de l’iPod s’est terminé de façon inattendue pour la 1ème fois. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Restart the service. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Intel® Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Intel® ME Service s’est terminé de façon inattendue pour la 1ème fois. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Intel® Rapid Storage Technology s’est terminé de façon inattendue pour la 1ème fois. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Bluetooth OBEX Service s’est terminé de façon inattendue pour la 1ème fois. Error: (01/11/2015 09:12:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Bluetooth Device Monitor s’est terminé de façon inattendue pour la 1ème fois. Microsoft Office Sessions: ========================= Error: (01/11/2015 06:48:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/11/2015 06:12:13 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcCan continue stopping. [18] Error: (01/11/2015 05:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500037db3196401d02dbde9974f2fC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe2bd7641c-99b1-11e4-bea9-8c89a50b21a3 Error: (01/11/2015 05:43:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/09/2015 07:12:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (01/09/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/08/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/07/2015 06:48:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/06/2015 09:48:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (01/06/2015 09:38:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689119401d029d7f08801ee4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef9277efe-95e3-11e4-bea9-8c89a50b21a3microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 CodeIntegrity Errors: =================================== Date: 2015-01-02 16:54:33.425 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:17.310 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:16.214 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-02 16:54:15.066 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 23:17:42.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-31 23:17:42.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 14:06:50.111 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 14:06:49.962 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-14 19:02:14.525 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-14 19:01:33.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz Percentage of memory in use: 45% Total physical RAM: 8079.39 MB Available physical RAM: 4364.36 MB Total Pagefile: 9359.39 MB Available Pagefile: 5965.47 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:418.84 GB) (Free:305.04 GB) NTFS Drive d: (Data) (Fixed) (Total:259.59 GB) (Free:152.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 457CE740) Partition: GPT Partition Type. ==================== End Of Log ============================ Thanks a lot for your much appreciated work. KakOkA