BraidedDuke5

suspicious behavior flagged by zonealarm

20 posts in this topic

ZoneAlarm popping up this message...

SUSPICIOUS BEHAVIOR

hideconsolewindow is trying to launch C"\WindowSysWOW64\cmd.exe , or use another program to gain access to privileged resources.

Under show more info it reads "Application: C:\Windows\temp\7zS3127.tmp\HiddenLauncher.exe"

When I click deny it keeps popping up. I haven't recently installed anything so I'm suspicious. Can someone please provide me some information? Google search pulled up nothing for me.

EDIT: Please read the Instructions http://www.spywareinfoforum.com/index.php?showtopic=79038 and post logs... Our helpers need details to review in order to help...

Edited by Budfred


Hi BraidedDuke5, and welcome to SWI.

Please read the link that Budfred left you and post the needed logs. We need the information to be able to help you.


Hi joker, and thank you. I'm sorry for not posting logs initially; I thought it may just be something simple. This problem actually went away after running CCleaner, but I decided it would be good to look into it to make sure there isn't a deeper problem that caused it. I couldn't get DDS to work. I downloaded it, moved it straight to the desktop, and double-clicked, and it says "dds isnt meant to run in 'compatability mode'. This program shall now exit". It doesn't look like I have any problems except for getting DDS to run, so perhaps you can help with that. I will post my logs anyway.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/22/2015
Scan Time: 4:01:03 PM
Logfile: malware log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.22.06
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Luke
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338644
Time Elapsed: 16 min, 46 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)

and here is security check

Results of screen317's Security Check version 0.99.99
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Windows Defender
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 40
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZaPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Im sorry for not posting logs initially, i thought it may just be something simple.

Removal of that one malicious file you listed in the beginning of the topic might not fix the problem as it was apparently going to install something. It's always good to do a thorough check.

I couldnt get dds to work. i downloaded, moved straight to desktop, and doubleclicked and it says "dds isnt meant to run in 'compatability mode'. This program shall now exit" .

DDS isn't compatible at this time with Windows 8.1.

Download TFC by OldTimer to your Desktop.

  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

    Let it run uninterrupted until it has finished.

  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[sn].txt (n is a number).

 

 

Please scan your system with ESET Online Scanner

Ensure that you have the flash drive plugged in when you run the scan.

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Download the below tool

Farbar Recovery Scan Tool (64 bit)

and save it to a folder on your computer's Desktop.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press the Scan button.

It will create a log (FRST.txt) in the same directory the tool is run.

The first time the tool is run, it creates another log (Addition.txt).

Please post the contents of both, each in their own reply.

 

Please post the log from AdwCleaner, the log from ESET Online Scanner, and then each in their own reply (so nothing is cut off by the maximum post length), the two logs from FRST (FRST.txt and Addition.txt), and note any errors encountered.


Just a couple of side questions if you don't mind, while I have your attention, and while I am waiting on the very lengthy ESET scan. Firstly, I notice that none of my security programs (other than Malwarebytes) are on your suggested free tools list in your signature (I use Spybot, AVG Free, ZoneAlarm firewall, CCleaner, and Malwarebytes). I believe I got the suggestions for these programs from someone else respected on these forums, but my question is: are they sufficient, or should I look into converting to your suggestions? Secondly, what happened to HijackThis? When I last used a PC about 8 years ago and I used this site, that was the go-to... you just ran it and posted a log and someone told you what to delete... now there are like 7 programs I need to download? (Not trying to question your expertise, and I do appreciate the help, just wondering about the history because I have tried looking it up and didn't find much, but noticed that HijackThis is still around.) Thirdly, I noticed Pokki somewhere on one of my logs... I have fought with this thing several times but it seems to keep hanging around. Will this get rid of it? Thank you so much for taking the time to help me...


ok here are the first logs

 

# AdwCleaner v4.113 - Logfile created 22/03/2015 at 21:02:17
# Updated 22/03/2015 by Xplode
# Database : 2015-03-22.2 [server]
# Operating system : Windows 8.1 (x64)
# Username : Luke - LAPTAWP
# Running from : C:\Users\Luke\Desktop\adwcleaner_4.113.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Luke\AppData\Local\DownloadManager
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v41.0.2272.101
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
[C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
*************************
AdwCleaner[R0].txt - [2297 bytes] - [22/03/2015 20:55:19]
AdwCleaner[s0].txt - [1901 bytes] - [22/03/2015 21:02:17]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1960 bytes] ##########

and ESET

C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application deleted - quarantined

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Luke (administrator) on LAPTAWP on 22-03-2015 22:52:44

Running from C:\Users\Luke\Desktop\Security

Loaded Profiles: Luke (Available profiles: Luke)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsupdatesvr.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe

(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe

(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



==================== Registry (Whitelisted) ==================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1380056 2014-03-18] (Realtek Semiconductor)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-03-04] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] ( (Qualcomm®Atheros®))

HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (No File)

ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

BootExecute: autocheck autochk * sdnclean64.exe


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB

HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3778082141-2279527705-2530418812-1002 -> {7D272C4F-1EB3-4A73-9739-37C3EEA9EB87} URL =

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1


FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-17] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-17] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)


Chrome:

=======

CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]

CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]

CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]

CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]

CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09]

CHR Extension: (Google Sheets) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]

CHR Extension: (Google Wallet) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]

CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09]


==================== Services (Whitelisted) =================


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)

R2 Kingsoft_WPS_UpdateService; C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsupdatesvr.exe [133480 2015-02-09] (Zhuhai Kingsoft Office Software Co.,Ltd)

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]

R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-14] (acer)

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)

R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-28] (VTech)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]


==================== Drivers (Whitelisted) ====================


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-19] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-29] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-19] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)

S3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)

S3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)

R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)

R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)



==================== One Month Created Files and Folders ========


(If an entry is included in the fixlist, the file\folder will be moved.)


2015-03-22 22:52 - 2015-03-22 22:52 - 00000000 ____D () C:\FRST

2015-03-22 21:15 - 2015-03-22 22:52 - 00000000 ____D () C:\Users\Luke\Desktop\Security

2015-03-22 21:10 - 2015-03-22 21:10 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-03-22 20:55 - 2015-03-22 21:02 - 00000000 ____D () C:\AdwCleaner

2015-03-22 20:49 - 2015-03-22 20:49 - 00000338 _____ () C:\Windows\PFRO.log

2015-03-22 01:04 - 2015-03-22 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nox [GOG.com]

2015-03-22 00:50 - 2015-03-22 21:04 - 00001840 _____ () C:\Windows\setupact.log

2015-03-22 00:50 - 2015-03-22 00:50 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-21 08:28 - 2015-03-22 21:03 - 00231619 _____ () C:\Windows\WindowsUpdate.log

2015-03-21 05:20 - 2015-03-21 05:21 - 00000000 ____D () C:\Users\Luke\Documents\Neverwinter Nights 2

2015-03-21 05:02 - 2015-03-21 05:03 - 00018435 _____ () C:\Windows\DirectX.log

2015-03-21 05:02 - 2015-03-21 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights Diamond Edition [GOG.com]

2015-03-21 04:53 - 2015-03-21 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neverwinter Nights 2 Complete [GOG.com]

2015-03-21 02:26 - 2015-03-21 02:55 - 00000000 ____D () C:\Users\Luke\AppData\Local\GOG.com

2015-03-21 02:26 - 2015-03-21 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

2015-03-21 02:26 - 2015-03-21 02:26 - 00000000 ____D () C:\Program Files (x86)\GOG.com

2015-03-21 00:55 - 2015-03-22 00:58 - 00000000 ____D () C:\GOG Games

2015-03-21 00:37 - 2015-03-21 00:53 - 604655600 _____ (GOG.com ) C:\Users\Luke\Downloads\setup_robin_hood_2.0.0.12.exe

2015-03-20 21:07 - 2015-03-20 21:07 - 00001691 _____ () C:\Users\Luke\Downloads\redirect.htm

2015-03-20 00:52 - 2015-03-20 00:52 - 00001146 _____ () C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk

2015-03-20 00:52 - 2015-03-20 00:52 - 00000000 ____D () C:\Users\Luke\AppData\Local\Intel

2015-03-20 00:52 - 2015-03-20 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility

2015-03-20 00:52 - 2015-03-20 00:52 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility

2015-03-20 00:45 - 2015-03-20 00:46 - 00000000 ____D () C:\Users\Luke\AppData\Local\NVIDIA Corporation

2015-03-20 00:45 - 2015-03-20 00:46 - 00000000 ____D () C:\Users\Luke\AppData\Local\NVIDIA

2015-03-20 00:45 - 2015-03-20 00:45 - 00001331 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk

2015-03-20 00:45 - 2015-03-20 00:45 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-20 00:45 - 2015-03-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-03-20 00:45 - 2015-03-20 00:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2015-03-20 00:45 - 2015-03-20 00:45 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-03-20 00:45 - 2014-07-25 10:01 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2015-03-20 00:45 - 2014-07-25 10:01 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2015-03-20 00:45 - 2014-07-25 10:01 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2015-03-20 00:45 - 2014-07-25 10:01 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 01084704 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2015-03-20 00:45 - 2014-07-02 14:55 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2015-03-20 00:45 - 2014-07-02 14:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-03-20 00:45 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin

2015-03-20 00:44 - 2015-03-20 00:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2015-03-20 00:44 - 2014-07-02 14:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-03-20 00:43 - 2014-07-02 16:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-03-20 00:43 - 2014-07-02 16:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb

2015-03-20 00:43 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2015-03-20 00:43 - 2014-03-31 12:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2015-03-20 00:43 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2015-03-20 00:42 - 2014-07-02 16:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-03-20 00:42 - 2014-07-02 16:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2015-03-20 00:42 - 2014-07-02 16:48 - 03196816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2015-03-20 00:42 - 2014-07-02 16:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2015-03-20 00:34 - 2015-03-20 00:34 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab

2015-03-20 00:32 - 2015-03-20 00:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-03-20 00:32 - 2015-03-20 00:32 - 00000000 ____D () C:\ProgramData\Sun

2015-03-20 00:32 - 2015-03-20 00:32 - 00000000 ____D () C:\ProgramData\Oracle

2015-03-20 00:32 - 2015-03-20 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-03-20 00:32 - 2015-03-20 00:32 - 00000000 ____D () C:\Program Files (x86)\Java

2015-03-20 00:27 - 2015-03-20 00:28 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2015-03-14 12:11 - 2015-03-14 12:12 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\dvdcss

2015-03-12 13:00 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2015-03-12 13:00 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys

2015-03-12 13:00 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2015-03-12 13:00 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll

2015-03-12 13:00 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll

2015-03-12 13:00 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe

2015-03-12 13:00 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe

2015-03-12 12:59 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-12 12:59 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-12 12:59 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-12 12:59 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-12 12:59 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-12 12:59 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-12 12:59 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-12 12:59 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml

2015-03-12 12:59 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2015-03-12 12:59 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll

2015-03-12 12:59 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

2015-03-12 12:59 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll

2015-03-12 12:59 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll

2015-03-12 12:59 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2015-03-12 12:59 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2015-03-12 12:59 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2015-03-12 12:59 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2015-03-12 12:59 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls

2015-03-12 12:59 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls

2015-03-12 12:58 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2015-03-12 12:58 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2015-03-12 12:58 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll

2015-03-12 12:58 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll

2015-03-12 12:58 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-12 12:58 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys

2015-03-12 12:58 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys

2015-03-12 12:58 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2015-03-12 12:58 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2015-03-12 12:58 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll

2015-03-12 12:58 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll

2015-03-12 12:58 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll

2015-03-12 12:58 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll

2015-03-12 12:58 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll

2015-03-12 12:58 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll

2015-03-12 12:58 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll

2015-03-12 12:58 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll

2015-03-12 12:58 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll

2015-03-12 12:58 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll

2015-03-12 12:58 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll

2015-03-12 12:58 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-12 12:58 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-12 12:58 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-03-12 12:58 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2015-03-12 12:58 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2015-03-12 12:58 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-03-12 12:58 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-12 12:58 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-03-12 12:58 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-03-12 12:58 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll

2015-03-12 12:58 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll

2015-03-12 12:58 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-12 12:58 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-12 12:57 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-12 12:57 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-12 12:57 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-12 12:57 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2015-03-12 12:57 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-12 12:57 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-12 12:57 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-12 12:57 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-12 12:57 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-12 12:57 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-12 12:57 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-12 12:57 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-12 12:57 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-12 12:57 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-12 12:57 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-03-12 12:57 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-12 12:57 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-12 12:57 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-12 12:57 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-03-12 12:57 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-03-12 12:57 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-03-12 12:57 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-12 12:57 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-12 12:57 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-12 12:57 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-12 12:57 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-12 12:57 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-03-12 12:57 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2015-03-12 12:57 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-12 12:57 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-03-12 12:57 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-12 12:57 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-12 12:57 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-12 12:57 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-12 12:57 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-12 12:57 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-12 12:57 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-12 12:57 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-12 12:57 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-12 12:56 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-12 12:56 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-12 12:56 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll

2015-03-12 12:56 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll

2015-03-12 12:56 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-12 12:56 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-12 12:56 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2015-03-12 12:56 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2015-03-12 12:56 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-12 12:56 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-12 12:56 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe

2015-03-12 12:47 - 2015-03-12 12:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software

2015-03-12 12:47 - 2015-03-12 12:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software

2015-03-08 19:33 - 2015-03-08 19:33 - 00000992 _____ () C:\Users\Luke\Desktop\GPU-Z.lnk

2015-03-08 19:32 - 2015-03-08 19:32 - 00001252 _____ () C:\Users\Luke\Desktop\OpenHardwareMonitor.lnk

2015-03-08 13:58 - 2015-03-08 13:58 - 00511764 _____ () C:\Users\Luke\Downloads\openhardwaremonitor-v0.7.1-beta.zip

2015-03-08 00:18 - 2015-03-08 00:19 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z

2015-03-08 00:10 - 2015-03-08 00:10 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Luke\Downloads\GPU-Z.0.8.1.exe

2015-03-08 00:03 - 2015-03-08 00:03 - 00000000 ____D () C:\Users\Luke\Documents\The Lord of the Rings Online

2015-03-08 00:03 - 2015-03-08 00:03 - 00000000 ____D () C:\Users\Luke\AppData\Local\Turbine

2015-03-06 10:51 - 2015-03-06 10:51 - 00000000 ____D () C:\Users\Luke\AppData\Local\My Games

2015-03-05 22:43 - 2015-03-05 22:43 - 00000000 ____D () C:\ProgramData\Steam

2015-03-05 22:42 - 2015-03-05 22:43 - 00000000 ____D () C:\ProgramData\PopCap Games

2015-03-05 17:52 - 2015-03-05 17:52 - 00831488 _____ () C:\Users\Luke\Downloads\Detection.msi

2015-02-28 17:32 - 2015-03-22 21:39 - 00000000 ____D () C:\Users\Luke\Desktop\Games

2015-02-28 00:18 - 2015-03-22 16:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-28 00:18 - 2015-02-28 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-28 00:18 - 2015-02-28 00:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-28 00:18 - 2014-11-21 07:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-28 00:18 - 2014-11-21 07:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-28 00:18 - 2014-11-21 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-27 22:46 - 2015-02-27 22:46 - 00451897 _____ () C:\Users\Luke\AppData\Local\census.cache

2015-02-27 22:46 - 2015-02-27 22:46 - 00179872 _____ () C:\Users\Luke\AppData\Local\ars.cache

2015-02-27 22:40 - 2015-02-27 22:40 - 00000010 _____ () C:\Users\Luke\AppData\Local\sponge.last.runtime.cache

2015-02-27 22:35 - 2015-02-27 22:35 - 00000036 _____ () C:\Users\Luke\AppData\Local\housecall.guid.cache

2015-02-27 22:35 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys

2015-02-27 14:11 - 2015-03-03 21:27 - 00000000 ____D () C:\Users\Luke\AppData\Local\Unity

2015-02-26 20:38 - 2015-02-27 21:52 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp

2015-02-25 11:02 - 2015-02-25 11:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luke\Downloads\mbam-setup-2.0.4.1028.exe

2015-02-21 17:29 - 2011-06-24 02:25 - 00000000 ____D () C:\Users\Luke\Documents\dolphin-3.0-win64

2015-02-21 16:25 - 2015-02-21 16:25 - 01178624 _____ () C:\Users\Luke\Downloads\Xpadder.exe

2015-02-21 13:50 - 2015-03-08 19:33 - 00000000 ____D () C:\Software

2015-02-20 17:08 - 2015-02-20 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

2015-02-20 17:08 - 2015-02-20 17:08 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories

2015-02-20 13:21 - 2015-02-20 13:21 - 00000000 ____D () C:\Users\Luke\Documents\SavedGames

2015-02-20 13:09 - 2015-02-20 13:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA

2015-02-20 13:08 - 2015-03-08 00:10 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\NVIDIA

2015-02-20 13:01 - 2015-02-20 13:01 - 00000000 ____D () C:\Users\Luke\AppData\Local\Steam


==================== One Month Modified Files and Folders =======


(If an entry is included in the fixlist, the file\folder will be moved.)


2015-03-22 22:49 - 2015-02-17 00:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-22 22:43 - 2015-02-09 15:08 - 00000000 ____D () C:\ProgramData\MFAData

2015-03-22 22:35 - 2015-02-09 15:30 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-22 22:21 - 2015-02-09 20:18 - 00000400 _____ () C:\Windows\Tasks\WpsNotifyTask_Luke.job

2015-03-22 22:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru

2015-03-22 21:55 - 2015-02-09 20:18 - 00000400 _____ () C:\Windows\Tasks\WpsUpdateTask_Luke.job

2015-03-22 21:12 - 2014-03-18 06:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-22 21:05 - 2015-02-12 16:38 - 00000000 ___RD () C:\Users\Luke\OneDrive

2015-03-22 21:05 - 2015-02-09 15:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-22 21:04 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-22 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2015-03-22 04:03 - 2015-02-09 14:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3778082141-2279527705-2530418812-1002

2015-03-22 03:00 - 2015-02-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-03-22 00:44 - 2015-02-09 14:13 - 00000000 ____D () C:\Users\Luke\AppData\Local\CrashDumps

2015-03-21 03:05 - 2015-02-09 17:28 - 00431452 _____ () C:\Windows\system32\Drivers\vsconfig.xml

2015-03-21 02:58 - 2013-08-22 10:44 - 00346824 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-21 02:36 - 2015-02-09 15:30 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-03-20 00:58 - 2014-10-10 13:50 - 00000000 ____D () C:\Program Files\Intel

2015-03-20 00:58 - 2014-07-25 08:49 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-20 00:45 - 2014-10-10 14:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-03-20 00:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Help

2015-03-19 19:52 - 2014-07-25 08:49 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer

2015-03-19 19:52 - 2014-07-25 08:49 - 00000000 ____D () C:\Program Files (x86)\Acer

2015-03-19 19:14 - 2015-02-09 14:08 - 00000000 ____D () C:\Users\Luke\AppData\Local\clear.fi

2015-03-19 19:12 - 2015-02-09 14:06 - 00000000 ____D () C:\Users\Luke

2015-03-19 10:46 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2015-03-17 11:05 - 2015-02-10 14:41 - 00080896 ___SH () C:\Users\Luke\Desktop\Thumbs.db

2015-03-16 22:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-03-15 05:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-03-14 12:12 - 2015-02-09 16:44 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\vlc

2015-03-13 18:16 - 2015-02-13 17:30 - 00000000 ____D () C:\Users\Luke\Documents\My Games

2015-03-13 17:48 - 2015-02-10 14:22 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-03-12 14:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-12 14:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-03-12 14:18 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore

2015-03-12 13:08 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-03-12 13:06 - 2015-02-09 14:57 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-12 13:03 - 2015-02-09 14:56 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-12 12:47 - 2015-02-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-03-04 17:24 - 2015-02-09 20:46 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-04 17:24 - 2015-02-09 20:46 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl


==================== Files in the root of some directories =======


2015-02-27 22:46 - 2015-02-27 22:46 - 0179872 _____ () C:\Users\Luke\AppData\Local\ars.cache

2015-02-27 22:46 - 2015-02-27 22:46 - 0451897 _____ () C:\Users\Luke\AppData\Local\census.cache

2015-02-27 22:35 - 2015-02-27 22:35 - 0000036 _____ () C:\Users\Luke\AppData\Local\housecall.guid.cache

2015-02-27 22:40 - 2015-02-27 22:40 - 0000010 _____ () C:\Users\Luke\AppData\Local\sponge.last.runtime.cache

2014-10-10 14:33 - 2014-10-10 14:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


Some content of TEMP:

====================

C:\Users\Luke\AppData\Local\Temp\Quarantine.exe

C:\Users\Luke\AppData\Local\Temp\sqlite3.dll



==================== Bamital & volsnap Check =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2015-03-22 04:03


==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Luke at 2015-03-22 22:53:33

Running from C:\Users\Luke\Desktop\Security

Boot Mode: Normal

==========================================================



==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.06.2002.1 - Acer Incorporated)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)

abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)

Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)

Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)

Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)

Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)

Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)

AVG 2015 (Version: 15.0.4311 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)

CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)

Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)

Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Gotham City Impostors: Free To Play (HKLM-x32\...\Steam App 206210) (Version: - Monolith Productions, Inc.)

Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden

Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)

Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)

LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)

Neverwinter Nights Diamond Edition (HKLM-x32\...\GOGPACKNWNDIAMOND_is1) (Version: 2.0.0.15 - GOG.com)

Nox (HKLM-x32\...\GOGPACKNOX_is1) (Version: 2.0.0.20 - GOG.com)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)

Peggle Extreme (HKLM-x32\...\Steam App 3483) (Version: - PopCap Games, Inc.)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)

Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)

RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)

ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - )

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)

South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Super Crate Box (HKLM-x32\...\Steam App 212800) (Version: - Vlambeer)

Super Monday Night Combat (HKLM-x32\...\Steam App 104700) (Version: - Uber Entertainment)

System Requirements Lab (HKLM-x32\...\{B35DBBD7-B42E-494A-8913-431A2E448131}) (Version: 6.1.1.0 - Husdawg, LLC)

System Requirements Lab Detection (HKLM-x32\...\{F0D0BB41-A74C-4BF3-8E1C-A8B7D0B78CBD}) (Version: 6.1.1.0 - Husdawg, LLC)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)

The Expendabros (HKLM-x32\...\Steam App 312990) (Version: - Free Lives)

TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

WPS Office (9.1.0.4941) (HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\...\Kingsoft Office) (Version: 9.1.0.4941 - Kingsoft Corp.)

ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)

ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden


==================== Custom CLSID (selected items): ==========================


(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


CustomCLSID: HKU\S-1-5-21-3778082141-2279527705-2530418812-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)


==================== Restore Points =========================


05-03-2015 17:53:41 Installed System Requirements Lab Detection

12-03-2015 13:00:19 Windows Update

19-03-2015 21:40:18 Installed System Requirements Lab Detection

21-03-2015 04:54:01 Installed Microsoft Visual C++ 2005 Redistributable (x64)


==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 09:25 - 2015-02-17 15:06 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts



There are 1000 more lines.



==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


Task: {0C293000-129E-48A4-BBD6-1269853B44F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)

Task: {19AEF55E-CCD6-49F1-AAFC-710DAE88D53B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)

Task: {1C6EE6E5-B331-4AE2-B2EE-5AE6C72425C5} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)

Task: {1F950023-FB1F-4835-8FFE-8CE51DA527A7} - System32\Tasks\WpsUpdateTask_Luke => C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsupdate.exe [2015-02-09] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {2E3B358F-628A-4D43-ACA6-8D32082E97BF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)

Task: {322529DD-7F95-41A7-8842-8D67FA61372B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {3ED5350E-F568-45B4-95E2-6D416956ABFF} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)

Task: {40419F49-32E7-4A0B-B14E-393333BE2195} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)

Task: {529C6293-06C2-4975-A712-446638684CBC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17] (Adobe Systems Incorporated)

Task: {581B6D32-0E5C-4CA8-9457-4D1CAEE92097} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)

Task: {6EADAE4C-A96F-439E-99FC-0B24BB337DB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {707E8103-FD45-4B0F-8C5F-AF9E59DE4EBF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

Task: {8E2933BD-818D-46BB-9720-DEB5ABA17DD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)

Task: {9309F89B-890A-4039-86C9-BB574ADA57D0} - System32\Tasks\WpsNotifyTask_Luke => C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsnotify.exe [2015-02-09] (Zhuhai Kingsoft Office Software Co.,Ltd)

Task: {97B73684-2CBD-4559-BD69-63FBC549C85A} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()

Task: {A0751C90-8AFA-4A48-B9CD-54C33AB7ACF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.)

Task: {AD8431F0-8FD5-4C92-B256-6219B8134F1A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()

Task: {BBFE053A-6F50-4B5B-A41C-B50BCA05BBD7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)

Task: {CC506101-8C85-4982-97B5-8C6026B43285} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {F649CBF2-F6A5-46C5-9326-7517DD1D06A3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\WpsNotifyTask_Luke.job => C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsnotify.exe

Task: C:\Windows\Tasks\WpsUpdateTask_Luke.job => C:\Users\Luke\AppData\Local\Kingsoft\WPS Office\9.1.0.4941\wtoolex\wpsupdate.exe


==================== Loaded Modules (whitelisted) ==============


2015-03-20 00:44 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-07-25 08:52 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-07-25 08:56 - 2014-07-01 17:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll

2013-09-09 16:13 - 2013-09-09 16:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll

2014-02-26 01:14 - 2014-02-26 01:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2014-02-26 01:11 - 2014-02-26 01:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll

2014-02-26 01:17 - 2014-02-26 01:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

2015-03-04 16:59 - 2015-03-04 16:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

2015-03-04 16:59 - 2015-03-04 16:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

2014-03-18 21:35 - 2014-03-07 12:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll

2015-02-09 21:18 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2015-02-09 21:18 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2015-02-09 21:18 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2015-02-09 21:18 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2015-02-09 21:18 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2015-03-04 16:59 - 2015-03-04 16:59 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

2014-10-10 14:22 - 2013-12-09 19:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2014-07-25 08:56 - 2014-07-01 17:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

2015-03-21 02:36 - 2015-03-14 06:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll

2015-03-21 02:36 - 2015-03-14 06:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll

2015-03-21 02:36 - 2015-03-14 06:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll


==================== Alternate Data Streams (whitelisted) =========


(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


AlternateDataStreams: C:\Users\Luke\OneDrive:ms-properties


==================== Safe Mode (whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"


==================== EXE Association (whitelisted) ===============


(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\Downloads\wallhaven-164350.jpg

DNS Servers: 192.168.1.1


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\Run32: => "Monitor"

HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\...\StartupApproved\Run: => "Pokki"


==================== Accounts: =============================


Administrator (S-1-5-21-3778082141-2279527705-2530418812-500 - Administrator - Disabled)

Guest (S-1-5-21-3778082141-2279527705-2530418812-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3778082141-2279527705-2530418812-1004 - Limited - Enabled)

Luke (S-1-5-21-3778082141-2279527705-2530418812-1002 - Administrator - Enabled) => C:\Users\Luke


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (03/22/2015 10:40:41 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:52 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:48 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:41 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 09:10:36 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.


Error: (03/22/2015 00:45:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Game.exe, version: 1.1.0.0, time stamp: 0x3e257c94

Faulting module name: DDRAW.dll, version: 6.3.9600.17415, time stamp: 0x54503a5b

Exception code: 0xc0000005

Fault offset: 0x0004b57a

Faulting process id: 0x136c

Faulting application start time: 0xGame.exe0

Faulting application path: Game.exe1

Faulting module path: Game.exe2

Report Id: Game.exe3

Faulting package full name: Game.exe4

Faulting package-relative application ID: Game.exe5


Error: (03/22/2015 00:44:30 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Game.exe, version: 1.1.0.0, time stamp: 0x3e257c94

Faulting module name: Game.exe, version: 1.1.0.0, time stamp: 0x3e257c94

Exception code: 0xc0000005

Fault offset: 0x00105139

Faulting process id: 0x1e1c

Faulting application start time: 0xGame.exe0

Faulting application path: Game.exe1

Faulting module path: Game.exe2

Report Id: Game.exe3

Faulting package full name: Game.exe4

Faulting package-relative application ID: Game.exe5


Error: (03/21/2015 01:28:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20461 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 1a00


Start Time: 01d063b963a7ae64


Termination Time: 4294967295


Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe


Report Id: c0e11441-cfef-11e4-8270-f0761c322c40


Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe


Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1



System errors:

=============

Error: (03/22/2015 09:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Quick Access RadioMgr Service service terminated unexpectedly. It has done this 1 time(s).


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The User Experience Improvement Program service terminated unexpectedly. It has done this 1 time(s).


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Quick Access Service service terminated unexpectedly. It has done this 1 time(s).


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).


Error: (03/22/2015 09:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).



Microsoft Office Sessions:

=========================

Error: (03/22/2015 10:40:41 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\Security\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:52 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:48 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:41 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Desktop\esetsmartinstaller_enu.exe


Error: (03/22/2015 09:10:36 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Luke\Downloads\esetsmartinstaller_enu.exe


Error: (03/22/2015 00:45:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Game.exe1.1.0.03e257c94DDRAW.dll6.3.9600.1741554503a5bc00000050004b57a136c01d0645ae9e34426C:\GOG Games\Robin Hood - The Legend of Sherwood\Game.exeC:\Windows\SYSTEM32\DDRAW.dll34491df6-d04e-11e4-8270-f0761c322c40


Error: (03/22/2015 00:44:30 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Game.exe1.1.0.03e257c94Game.exe1.1.0.03e257c94c0000005001051391e1c01d0645ad237e051C:\GOG Games\Robin Hood - The Legend of Sherwood\Game.exeC:\GOG Games\Robin Hood - The Legend of Sherwood\Game.exe2041ec54-d04e-11e4-8270-f0761c322c40


Error: (03/21/2015 01:28:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.204611a0001d063b963a7ae644294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exec0e11441-cfef-11e4-8270-f0761c322c40microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1



==================== Memory info ===========================


Processor: Intel® Core i5-4210U CPU @ 1.70GHz

Percentage of memory in use: 30%

Total physical RAM: 8115.27 MB

Available physical RAM: 5623.49 MB

Total Pagefile: 9971.27 MB

Available Pagefile: 6830.68 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB


==================== Drives ================================


Drive c: (Acer) (Fixed) (Total:914.2 GB) (Free:745.29 GB) NTFS


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 46D3C4A8)


Partition: GPT Partition Type.


==================== End Of Log ============================


Spybot isn't something I would currently recommend. Malwarebytes Anti-Malware would be better, and running Spybot Search & Destroy in addition to Malwarebytes would be redundant. I would not run both. There's no problem with ZoneAlarm, but there are some that I think are better, such as Comodo Firewall or Privatefirewall. There's nothing wrong with CCleaner as long as you don't use the Registry cleaner function. The small gain you might get from a Registry cleaner is far outweighed by the system damage that they have the potential to cause. Lastly, HijackThis hasn't been useful for quite some time against today's malware.

thirdly, i noticed pokki somewhere on one of my logs... i have fought with this thing several times but it seems to keep hanging around. will this get rid of it?

 

We should be able to find the program and remove it, but it could always be installed again if you run the program that installed it, or another file downloaded from the same site that may be wrapping programs in an installer to add unwanted programs (see this topic), or visit a site that may have installed it through a vulnerability (such as a drive-by-install).


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3778082141-2279527705-2530418812-1002 -> {7D272C4F-1EB3-4A73-9739-37C3EEA9EB87} URL =
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
AlternateDataStreams: C:\Users\Luke\OneDrive:ms-properties

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

Please download SystemLook_x64 from one of the links below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe
http://images.malwar...temLook_x64.exe

 

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield
:filefind
*pokki*
:folderfind
*pokki*
:regfind
pokki
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Please post the log from FRST (Fixlog.txt), the log from SystemLook (SystemLook.txt), and note any errors encountered.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Luke at 2015-03-23 05:37:42 Run:1

Running from C:\Users\Luke\Desktop\FRST

Loaded Profiles: Luke (Available profiles: Luke)

Boot Mode: Normal

==============================================


Content of fixlist:

*****************

start


Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (No File)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3778082141-2279527705-2530418812-1002 -> {7D272C4F-1EB3-4A73-9739-37C3EEA9EB87} URL =

S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]

S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]

AlternateDataStreams: C:\Users\Luke\OneDrive:ms-properties


end

*****************


HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.

C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe not found.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-3778082141-2279527705-2530418812-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D272C4F-1EB3-4A73-9739-37C3EEA9EB87}" => Key deleted successfully.

HKCR\CLSID\{7D272C4F-1EB3-4A73-9739-37C3EEA9EB87} => Key not found.

McAfee SiteAdvisor Service => Service deleted successfully.

McComponentHostService => Service deleted successfully.

"C:\Users\Luke\OneDrive" => ":ms-properties" ADS not found.


==== End of Fixlog 05:37:58 ====







SystemLook 30.07.11 by jpshortstuff

Log created at 05:39 on 23/03/2015 by Luke

Administrator - Elevation successful


========== filefind ==========


Searching for "*pokki*"

No files found.


========== folderfind ==========


Searching for "*pokki*"

C:\Users\Public\Pokki d------ [18:11 09/02/2015]


========== regfind ==========


Searching for "pokki"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]

"SBOEM3"="%ALLUSERSPROFILE%\Pokki\Pokki Start Menu.lnk"


-= EOF =-


Im pretty sure that the pokki was preloaded on the comp. i "uninstalled" it on day one but there keeps being folders that pop up... any idea what program is bundled with it? my laptop is acer aspire v3-572g..... and as far as sites that i frequent the only i have question about are newgrounds and emuparadise.... are they malicious?

 

sorry, another question. i notice that i have malwarebytes which is under your malware suggestions, but i dont think i have anything fitting under the spyware/adware category... should i download one of those or am i missing something...? sorry for my incompetence

Edited by BraidedDuke5


Pokki isn't one I've heard of before, not sure where it came from, although I did find one reference to it apparently pre-installed on a Lenovo system.

 

I would consider Malwarebytes Anti-Malware in the same category as an anti-spyware tool, although different in function from a HOSTS file, such as MVPS HOSTS File.

 

i have question about are newgrounds and emuparadise.... are they malicious?

 

I didn't see much information on them at Web of Trust (WOT). While one user said emuparadise was untrustworthy, there was only the one review.

 

Using Windows Explorer, delete the following folder:
C:\Users\Public\Pokki

If you can't see the folder, you may need to unhide hidden files and folders. See the instructions here (be sure to re-hide hidden folders when finished):
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

 

Please run Notepad and paste the following text in the Code box into a new file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM3"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. A window will open and quickly close.

 

How is the system running? If there are no further problems, we can proceed to clean up the files that we used.


ok so i opened notepad, copied and pasted the text inside box, changed type to all files, named fix.reg and chose to save to desktop. it saved and appeared as an icon with a cubed display of blue boxes.... when i double click first i am prompted with "user account control do you want the following to be able etc etc... program type registry editor" i click allow. next popup, titled registry editor, containing the text "adding information can unintentionally change or delete values and cause components to stop working correctly, if you do not trust the source of this information in C:\Users\Luke\Desktop\fix.reg, do not add it to the registry.

 

Are you sure you want to continue?"

 

i click yes

 

next pop up labeled registry editor

text inside box reads "Cannot import C:\Users\Luke\Desktop\fix.reg: The specific file is not a registry script. You can only import binary registry files from within the registry editor."

 

ok is the only option from here.........


Something happened, the full text that should have been there in the above post isn't complete. Let's try again.

 

Please run Notepad and paste the following text in the Code box into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM3"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. A window will open and quickly close.

 

There was no problem this time, correct?

 

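The first fix.reg in this thread was refused as "not a registry script" because it lacked the header line that the second attempt adds. As an added example (not part of the original posts, and not how regedit itself is implemented), the Python below checks .reg bytes for that header on the first line and lists the changes the script would make before anyone merges it; the function names and the UTF-16 sample are constructed for illustration.

```python
import re

# First-line signatures that mark a text file as a registry script.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                       # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def decode_reg(raw):
    """UTF-16 when a BOM is present, otherwise ASCII/UTF-8 (bad bytes are replaced)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def logical_lines(text):
    """Yield (first_line_number, text), joining values continued with a trailing backslash."""
    pending, start = "", 1
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not pending:
            start = number
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield start, pending + line
        pending = ""
    if pending:
        yield start, pending


def preflight(raw):
    """Return (header, operations, problems) for .reg bytes; the registry is never touched."""
    header, key, ops, problems = None, None, [], []
    for number, line in logical_lines(decode_reg(raw)):
        if number == 1:
            if line in VALID_HEADERS:
                header = line
                continue
            problems.append("line 1: no registry script header")
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if not key.upper().startswith("HKEY_"):
                problems.append(f"line {number}: unknown root in {key!r}")
            if m.group(1):                      # [-KEY] removes the key and its subkeys
                ops.append(("delete-key", key, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
            action = "delete-value" if m.group(2).strip() == "-" else "set-value"
            ops.append((action, key, name))
        else:
            problems.append(f"line {number}: not a key or value line")
    if header is None and not problems:
        problems.append("empty file")
    return header, ops, problems


# The two scripts from the thread, rebuilt as bytes (ASCII, CRLF line endings).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn"
FIRST_ATTEMPT = ("[" + KEY + "]\r\n" + '"SBOEM3"=-\r\n').encode("ascii")
SECOND_ATTEMPT = b"REGEDIT4\r\n\r\n" + FIRST_ATTEMPT
# Constructed sample (not from the thread): a Version 5.00 script saved as UTF-16.
UTF16_SAMPLE = ("Windows Registry Editor Version 5.00\r\n\r\n"
                "[-HKEY_CURRENT_USER\\Software\\ExampleVendor]\r\n").encode("utf-16")

if __name__ == "__main__":
    for label, data in (("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT),
                        ("utf16", UTF16_SAMPLE)):
        print(label, preflight(data))
```

Both attempts describe the same single change, deleting the SBOEM3 value; only the one with the header is reported without problems.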

Your flash player is out of date and vulnerable.
Please go to Start > Control Panel > Programs and Features and uninstall the following program:
Adobe Flash Player 16 NPAPI

Then open your browser and go here to download and install the current version of Adobe Flash:
http://get.adobe.com/

Be sure to uncheck the box for McAfee Security Scan Plus (unless you really want it) and click the Install Now button. When installing, I recommend you set the update option to automatically update.

You can now delete the following tools and any logs they created:
DDS

TFC
Security Check
AdwCleaner (run the program and click Uninstall)
Farbar Recovery Scan Tool (and delete the folder C:\FRST)

SystemLook

fix.reg (that you created)

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?


so, i did everything and it seemed to be running good, then i upgraded my adobe flash, switched from chrome to firefox, switched from zonealarm to privatefirewall, and switched from avg to avira. then i started having problems with freezing. next time i booted my comp it froze before i could get logged on, then i got on and it froze when i exited NWN. then i got rid of private firewall and got comodo. then my comp froze when i launched NOX. what is causing this? a friend came over later that day and told me that firefox had recently caused her problems... i have since switched back to chrome, avg, and zonealarm, and things are running smoothly. no freezes so far. whats going on?

 

o and i also got the file hippo updater, but i kept it and things are doing fine.

Edited by BraidedDuke5


From your description you changed multiple items before having the problems (firewall, antivirus, and browser), so there's really no way to tell where the problem was.

 

and i also got the file hippo updater, but i kept it and things are doing fine.

 

I'm glad to hear that things are working well now. :thumbup:


Hm, i thought u might have some info (or at least want to look into) on which of the software u are recommending that cripples ones pc......

 

dont want to be disrespectful, but if i can upgrade my security i would like to, but crashes should not occur. maybe only one program was doing it and the others were fine???

Edited by BraidedDuke5


The software I recommended doesn't cripple a PC. Problems are typically configuration issues, or in some cases incompatibilities with other programs. As I said, as you changed multiple programs (firewall, antivirus, and browser) and then noted there was an issue, there's no way to tell which program it was that caused the problem. To do that, you would need to change one program at a time and see how the system performed. And you would need to better describe the problem. What does freezing mean? Did the system lock up completely and need to be rebooted, were there intermittent pauses?
