My computer is a Lenovo Z40-70 laptop. It is infected with something that has been making it run increasingly slow, especially whenever in web browsers, as well as causing a number of other problems, including making my built-in webcam not work any more (it's still detected in Device Manager, but shows a black screen or gives an error message "Camera is in use by another app. Close that app and try again" when I try to turn it on).
I have had the free version of AVG running as my primary antivirus, but have downloaded a number of other things to try to figure out what the problem is, as suggested to me by various people. I have run Spybot S&D, Hitman Pro, tdsskiller, AdwCleaner, and Malwarebytes. AVG, Spybot, and AdwCleaner have all found a number of problems that I believe to be more caused by whatever is the root of the problem. I then ran sfc/scannow, which found a number of problems, some of which it fixed, but not all. After running sfc/scannow and restarting the computer, the computer is running much more smoothly than it has been (but still not as quick as before the problem, webcam still doesn't work, etc.), but now a number of error messages pop up at startup, including:
BTServer.exe - System Error
The Program can't start because mfc110u.dll is missing from your computer. Try reinstalling the program to fix the problem
RunDLL
There was a problem starting C:\Program Files (x86)\Lenovo\PowerMgr\PWRMGRV.ocx
This application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
(This one shows up twice)
As well as a number of similar messages in regards to AVG not being able to start. Trying to open AVG at this point just opened an empty blue window, so I uninstalled it, and trying to re-install just presents me with an error message and fails. I ran Malwarebytes again at this point, and it detected Heuristic.Reserved.Word.Exploit malware. Whether or not Malwarebytes actually got rid of the root of the problem this time, I do not know, but I am left with all the residual problems it caused. Looking for help to clean everything up and get everything running normally again. All requested logs will follow. Thanks!
Logs:
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Lorn (administrator) on LORNSLAPTOP (25-01-2016 15:36:36)
Running from C:\Users\Lorn\Desktop
Loaded Profiles: UpdatusUser & Lorn (Available Profiles: UpdatusUser & Lorn & pooter)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Users\Lorn\AppData\Local\Apps\2.0\CJTBYB5H.0QE\HZPMNTK5.B34\lsb...tion_91a10ba61c75c82d_0001.0006_f185aae74f563194\LSB.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddpe.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Lorn\Downloads\AVG_Protection_Free_698.exe
(AVG Technologies CZ, s.r.o.) C:\Users\Lorn\AppData\Local\Temp\7zSCD71B3B5\avgsetupx.exe
(AVG Technologies CZ, s.r.o.) C:\ProgramData\AVG\Setup\_Temp\3cfd8142-f5c6-47cc-a0bf-c141f79fc59d\avgsetupwrkx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2014-03-05] ()
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329704 2010-06-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [Spotify Web Helper] => C:\Users\Lorn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-16] (Spotify Ltd)
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [Spotify] => C:\Users\Lorn\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-09-16] (Spotify Ltd)
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\MountPoints2: {2ad1b564-c361-11e4-8285-1008b17b2c6e} - "F:\ZTE_Handset_USB_Driver.exe"
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\MountPoints2: {d093ff6e-42fb-11e5-82a8-1008b17b2c6e} - "F:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-3574037338-378681773-173497233-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\logon.scr
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3574037338-378681773-173497233-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3574037338-378681773-173497233-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{6E28B74E-9B56-4902-A920-D1D15A5E364D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3574037338-378681773-173497233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3574037338-378681773-173497233-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3574037338-378681773-173497233-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3574037338-378681773-173497233-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {8A005B2A-8C7C-4E36-B92B-59A7B799E363} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> DefaultScope {8554C2D2-8DED-48D6-A96E-FAD3FFA49DED} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {8554C2D2-8DED-48D6-A96E-FAD3FFA49DED} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3574037338-378681773-173497233-1002 -> {8A005B2A-8C7C-4E36-B92B-59A7B799E363} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3574037338-378681773-173497233-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Lorn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-20] (Citrix Online)
FF Extension: RAMBack - C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056\extensions\ramback@pavlov.net.xpi [2016-01-11]
FF Extension: Adblock Plus - C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Profiles\ioeqg5cx.default-1433829270056\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [79872 2014-01-06] () [File not signed]
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-23] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-07-16] (Lenovo Group Limited (R))
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-05] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-23] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-31] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-25 15:09 - 2016-01-25 15:09 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Lorn\Downloads\AVG_Protection_Free_698.exe
2016-01-25 14:57 - 2016-01-25 14:57 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-01-25 14:13 - 2016-01-25 14:15 - 00049869 _____ C:\Users\Lorn\Desktop\Addition.txt
2016-01-25 14:12 - 2016-01-25 15:36 - 00020631 _____ C:\Users\Lorn\Desktop\FRST.txt
2016-01-25 14:12 - 2016-01-25 15:36 - 00000000 ____D C:\FRST
2016-01-25 14:08 - 2016-01-25 14:08 - 02370560 _____ (Farbar) C:\Users\Lorn\Desktop\FRST64.exe
2016-01-25 13:14 - 2016-01-25 13:15 - 05652316 _____ (Swearware) C:\Users\Lorn\Desktop\ComboFix.exe
2016-01-25 13:14 - 2016-01-25 13:14 - 00852720 _____ C:\Users\Lorn\Desktop\SecurityCheck.exe
2016-01-25 01:21 - 2016-01-25 01:22 - 52988120 _____ (Microsoft Corporation) C:\Users\Lorn\Downloads\Windows-KB890830-x64-V5.32.exe
2016-01-25 00:58 - 2016-01-25 00:59 - 00000000 ____D C:\Users\Lorn\AppData\Local\NVIDIA
2016-01-25 00:58 - 2015-12-16 09:34 - 01846016 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2016-01-25 00:58 - 2015-12-16 09:34 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2016-01-25 00:58 - 2015-12-16 09:34 - 01530240 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2016-01-25 00:58 - 2015-12-16 09:34 - 01316184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2016-01-25 00:58 - 2015-12-16 09:34 - 00111520 _____ C:\windows\system32\NvRtmpStreamer64.dll
2016-01-25 00:56 - 2016-01-25 00:56 - 00000000 ____D C:\windows\LastGood.Tmp
2016-01-25 00:55 - 2015-12-16 09:34 - 42977072 _____ C:\windows\system32\nvcompiler.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 37609080 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 31061624 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 24895792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 21122456 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 20663816 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 18716176 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 17561432 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 17156968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 16981976 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 16286888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 14005408 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 12334200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-01-25 00:55 - 2015-12-16 09:34 - 03637352 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 03168376 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 02755704 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 01915696 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436143.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 01564976 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436143.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00938104 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00872056 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00734512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00681592 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00175368 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00153392 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00072504 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00069416 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2016-01-25 00:55 - 2015-12-16 09:34 - 00050472 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2016-01-25 00:54 - 2016-01-25 00:54 - 00000000 ____D C:\NVIDIA
2016-01-25 00:48 - 2016-01-25 00:54 - 336974040 _____ (NVIDIA Corporation) C:\Users\Lorn\Downloads\361.43-notebook-win8-win7-64bit-international-whql.exe
2016-01-25 00:46 - 2016-01-25 00:46 - 00643680 _____ (Oracle Corporation) C:\Users\Lorn\Downloads\jxpiinstall.exe
2016-01-24 16:34 - 2016-01-24 16:36 - 56222755 _____ C:\Users\Lorn\Desktop\Voynich-Manuscript.pdf
2016-01-24 16:34 - 2016-01-24 16:36 - 56143825 _____ C:\Users\Lorn\Desktop\CodexSeraphinianus.pdf
2016-01-23 01:40 - 2016-01-23 01:40 - 00002018 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\LSC
2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-01-23 01:40 - 2016-01-23 01:40 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-01-23 01:38 - 2016-01-23 01:39 - 00000000 ____D C:\Users\Lorn\AppData\Local\LenovoServiceBridge
2016-01-23 01:38 - 2016-01-23 01:38 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-01-23 01:37 - 2016-01-23 01:38 - 00000000 ____D C:\Users\Lorn\AppData\Local\Deployment
2016-01-23 01:37 - 2016-01-23 01:37 - 00000000 ____D C:\Users\Lorn\AppData\Local\Apps\2.0
2016-01-23 01:37 - 2015-05-27 14:13 - 00402136 _____ (Realsil Semiconductor Corporation) C:\windows\system32\Drivers\RtsUer.sys
2016-01-23 01:37 - 2014-10-20 17:50 - 00083160 _____ (Realtek Semiconductor.) C:\windows\system32\RtCRX64.dll
2016-01-23 01:37 - 2014-01-27 13:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
2016-01-23 01:35 - 2016-01-23 01:36 - 25329640 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2uz7019f(1).exe
2016-01-23 01:35 - 2016-01-23 01:36 - 06345976 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2tlk01af.exe
2016-01-23 01:34 - 2016-01-23 01:34 - 00500816 _____ () C:\Users\Lorn\Downloads\LSBsetup.exe
2016-01-23 00:55 - 2016-01-23 00:55 - 00000000 ____D C:\windows\AUInstallAgent
2016-01-23 00:49 - 2016-01-23 00:50 - 11788560 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\g1c814ww.exe
2016-01-22 20:23 - 2016-01-22 20:23 - 01319424 _____ (niemiro) C:\Users\Lorn\Downloads\SFCFix.exe
2016-01-22 19:57 - 2016-01-22 19:57 - 00001126 _____ C:\Users\Lorn\Desktop\SFCFix.txt
2016-01-22 19:57 - 2016-01-22 19:57 - 00000000 ____D C:\SFCFix
2016-01-22 18:09 - 2016-01-22 18:09 - 00480763 _____ C:\Users\Lorn\Desktop\SFCFix.zip
2016-01-21 15:46 - 2016-01-22 17:20 - 00000000 ____D C:\AdwCleaner
2016-01-21 15:43 - 2016-01-21 15:46 - 00483348 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_15.43.16_log.txt
2016-01-21 15:42 - 2016-01-21 15:42 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Lorn\Desktop\WiNlOgOn64.exe
2016-01-21 15:42 - 2016-01-21 15:42 - 00000560 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_15.42.29_log.txt
2016-01-20 02:17 - 2013-10-18 03:36 - 06340312 _____ (Realtek semiconductor) C:\windows\RTFTrack.exe
2016-01-20 02:17 - 2013-10-18 03:36 - 02628312 _____ (Realtek Semiconductor Corp.) C:\windows\RtCamU64.exe
2016-01-20 02:17 - 2013-10-18 03:36 - 00463576 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtCamX64.dll
2016-01-20 02:17 - 2013-10-18 03:36 - 00411352 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtCamX.dll
2016-01-20 02:01 - 2013-10-18 03:36 - 08876248 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
2016-01-20 01:59 - 2016-01-20 02:00 - 25329640 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\2uz7019f.exe
2016-01-20 01:58 - 2016-01-20 02:00 - 23334526 _____ C:\Users\Lorn\Downloads\Win8_Camera.exe
2016-01-20 01:56 - 2016-01-20 01:56 - 08583576 _____ (Lenovo Group ) C:\Users\Lorn\Downloads\IN1CAM16WW5.exe
2016-01-20 01:53 - 2016-01-20 01:53 - 20113400 _____ (Lenovo Group Limited ) C:\Users\Lorn\Downloads\h1c307ww.exe
2016-01-17 15:19 - 2016-01-17 15:19 - 00236236 _____ C:\TDSSKiller.3.1.0.9_17.01.2016_15.19.29_log.txt
2016-01-17 15:14 - 2016-01-25 14:11 - 00001616 _____ C:\Users\Lorn\Desktop\Rkill.txt
2016-01-17 15:06 - 2016-01-17 15:06 - 01505280 _____ C:\Users\Lorn\Desktop\AdwCleaner.exe
2016-01-17 14:17 - 2016-01-17 14:17 - 00090060 _____ C:\Users\Lorn\Desktop\Extras.Txt
2016-01-17 14:16 - 2016-01-17 14:16 - 00109294 _____ C:\Users\Lorn\Desktop\OTL.Txt
2016-01-17 13:54 - 2016-01-17 13:56 - 00236094 _____ C:\TDSSKiller.3.1.0.9_17.01.2016_13.54.59_log.txt
2016-01-17 13:49 - 2016-01-17 13:49 - 00602112 _____ (OldTimer Tools) C:\Users\Lorn\Desktop\OTL.exe
2016-01-17 13:47 - 2016-01-17 13:47 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Lorn\Desktop\tdsskiller.exe
2016-01-13 16:49 - 2015-12-09 16:40 - 00033456 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-13 16:49 - 2015-11-17 13:07 - 01380864 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-13 16:49 - 2015-11-17 13:07 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-13 16:49 - 2015-11-17 13:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-13 13:18 - 2015-12-10 20:38 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-13 13:18 - 2015-12-10 20:00 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-13 13:18 - 2015-12-10 19:55 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-13 13:18 - 2015-12-10 19:50 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-13 13:18 - 2015-12-10 19:45 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-13 13:18 - 2015-12-10 19:21 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-13 13:18 - 2015-12-10 19:18 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-13 13:18 - 2015-12-10 19:09 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-01-13 13:18 - 2015-12-10 19:09 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-13 13:18 - 2015-12-10 19:03 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-13 13:18 - 2015-12-10 18:59 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-13 13:18 - 2015-12-10 18:43 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-13 13:18 - 2015-12-10 18:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-01-13 13:18 - 2015-12-10 18:38 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-13 13:18 - 2015-12-10 18:37 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-13 13:18 - 2015-12-10 18:35 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-13 13:18 - 2015-12-10 18:26 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-13 13:18 - 2015-12-10 18:14 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-13 13:18 - 2015-12-10 18:12 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-13 13:18 - 2015-12-10 18:08 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-13 13:18 - 2015-12-10 18:07 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 02745184 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 02528784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 02450240 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 02447136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 02334104 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 02324744 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 01877504 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 01484888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 01288128 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 01210200 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 01150232 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 01115640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 01037680 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00914672 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00850680 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00735496 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00700360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00629600 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00584656 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00557856 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00498472 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00492736 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00463776 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00399776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00299080 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00275312 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00274280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00250520 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00248432 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00246856 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00244296 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00229272 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00203016 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00184912 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00183856 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00116720 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00110544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00099136 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-13 13:15 - 2015-12-04 21:58 - 00090904 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00090392 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00081032 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-13 13:15 - 2015-12-04 21:58 - 00076936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-13 13:15 - 2015-12-03 10:07 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-13 13:15 - 2015-12-03 10:07 - 00289792 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-13 13:15 - 2015-12-03 10:05 - 00644608 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-13 13:15 - 2015-12-03 10:02 - 01664000 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-13 13:15 - 2015-12-03 10:00 - 00451072 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-13 13:15 - 2015-12-03 09:36 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-13 13:15 - 2015-12-03 09:30 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-13 13:15 - 2015-12-03 09:28 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-13 13:15 - 2015-12-03 09:28 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-13 13:15 - 2015-12-03 09:27 - 00736256 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-13 13:15 - 2015-12-03 09:24 - 01411584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 13:15 - 2015-12-03 09:23 - 00402432 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-13 13:15 - 2015-12-03 09:06 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-13 13:15 - 2015-12-03 09:01 - 00743936 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 13:15 - 2015-12-03 08:40 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-13 13:15 - 2015-12-03 08:29 - 00887296 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 13:15 - 2015-12-02 07:04 - 00670208 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-13 13:15 - 2015-12-02 07:01 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-13 13:14 - 2015-12-30 11:32 - 07453016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-13 13:14 - 2015-12-30 11:32 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-13 13:14 - 2015-12-30 11:32 - 01499912 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-13 13:14 - 2015-12-10 16:13 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-13 13:14 - 2015-12-10 16:13 - 00705024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-13 13:14 - 2015-12-10 16:13 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-13 13:14 - 2015-12-10 16:13 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-13 13:14 - 2015-12-03 11:42 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-01-13 13:14 - 2015-12-03 11:42 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-01-13 13:14 - 2015-12-03 11:42 - 00137968 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-13 13:14 - 2015-12-03 11:42 - 00106960 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2016-01-13 13:14 - 2015-12-03 11:41 - 00177488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-13 13:14 - 2015-12-03 10:52 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-01-13 13:14 - 2015-12-03 10:52 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-13 13:14 - 2015-12-03 10:52 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2016-01-13 13:14 - 2015-12-03 10:28 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-13 13:14 - 2015-12-03 10:28 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-13 13:14 - 2015-12-03 09:51 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-01-13 13:14 - 2015-12-03 09:16 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-01-13 13:14 - 2015-12-03 09:13 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-13 13:14 - 2015-12-03 09:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-13 13:14 - 2015-12-03 08:45 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-13 13:13 - 2015-12-07 02:56 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-13 13:13 - 2015-12-04 07:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-13 13:11 - 2015-12-08 11:08 - 00685432 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-13 13:11 - 2015-12-08 11:07 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-12-29 02:03 - 2015-12-29 02:03 - 00000000 ____D C:\Users\Lorn\Documents\Nexus Mod Manager
2015-12-29 02:03 - 2015-12-29 02:03 - 00000000 ____D C:\Users\Lorn\AppData\Local\Black_Tree_Gaming
2015-12-29 01:58 - 2015-12-29 01:58 - 00000913 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-12-29 01:58 - 2015-12-29 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-12-29 01:58 - 2015-12-29 01:58 - 00000000 ____D C:\Program Files\Nexus Mod Manager
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-25 15:33 - 2014-11-25 16:11 - 00000000 ____D C:\ProgramData\AVG
2016-01-25 15:33 - 2014-11-25 15:00 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-25 15:32 - 2015-10-28 16:20 - 00000000 ____D C:\Users\Lorn\AppData\Local\AvgSetupLog
2016-01-25 15:14 - 2014-03-18 01:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-25 15:14 - 2013-08-22 05:36 - 00000000 ____D C:\windows\Inf
2016-01-25 15:13 - 2014-09-30 18:24 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3574037338-378681773-173497233-1002
2016-01-25 15:08 - 2015-11-12 22:36 - 00000000 ____D C:\Users\Lorn\AppData\Local\CrashDumps
2016-01-25 15:08 - 2014-09-30 18:20 - 00000000 ___DO C:\Users\Lorn\OneDrive
2016-01-25 15:08 - 2013-08-22 06:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-25 15:04 - 2014-11-25 16:15 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg
2016-01-25 15:04 - 2014-11-25 14:58 - 00000000 ____D C:\ProgramData\MFAData
2016-01-25 15:03 - 2013-08-22 07:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-01-25 14:57 - 2014-09-30 22:12 - 00000000 ____D C:\Program Files\Vuze
2016-01-25 14:14 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-25 14:09 - 2014-03-18 01:38 - 00000000 ____D C:\windows\ShellNew
2016-01-25 14:09 - 2013-08-22 05:25 - 00524288 ___SH C:\windows\system32\config\BBI
2016-01-25 11:57 - 2015-10-30 11:31 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 02:52 - 2014-10-01 01:43 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Skype
2016-01-25 02:28 - 2014-10-01 01:43 - 00000000 ____D C:\ProgramData\Skype
2016-01-25 01:22 - 2014-09-30 19:11 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-25 01:13 - 2014-10-01 02:39 - 00000000 ____D C:\Users\Lorn\AppData\LocalLow\Adblock Plus for IE
2016-01-25 00:59 - 2014-09-23 03:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-25 00:58 - 2014-09-23 03:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-25 00:58 - 2014-09-23 03:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-25 00:57 - 2014-09-23 03:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-25 00:47 - 2015-11-01 15:10 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-25 00:47 - 2015-11-01 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-25 00:47 - 2015-11-01 15:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-25 00:47 - 2015-11-01 14:26 - 00000000 ____D C:\Users\Lorn\.oracle_jre_usage
2016-01-25 00:47 - 2014-10-23 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-01-24 18:42 - 2014-10-12 17:20 - 01379328 ___SH C:\Users\Lorn\Downloads\Thumbs.db
2016-01-24 02:11 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 02:11 - 2013-08-22 07:36 - 00000000 ____D C:\windows\AppReadiness
2016-01-23 01:40 - 2014-10-13 18:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\windows\Downloaded Installations
2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\ProgramData\Lenovo
2016-01-23 01:40 - 2014-09-23 04:25 - 00000000 ____D C:\Program Files\lenovo
2016-01-23 01:37 - 2014-09-23 03:42 - 00000000 ____D C:\windows\SysWOW64\sda
2016-01-23 01:37 - 2014-09-23 03:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-23 00:57 - 2014-10-07 14:46 - 00000000 ____D C:\Users\Lorn\AppData\Local\ElevatedDiagnostics
2016-01-23 00:51 - 2014-09-23 03:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-23 00:43 - 2013-08-22 07:36 - 00000000 __RSD C:\windows\Media
2016-01-22 20:09 - 2014-10-13 18:07 - 00000000 ____D C:\Users\Lorn\AppData\Local\Adobe
2016-01-22 19:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-22 19:51 - 2013-08-22 07:20 - 00000000 ____D C:\windows\CbsTemp
2016-01-22 19:18 - 2015-08-13 16:39 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-22 17:33 - 2014-09-23 03:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-22 17:29 - 2014-10-24 01:27 - 00000000 ____D C:\Users\Public\Games
2016-01-22 17:28 - 2014-10-13 19:15 - 00000000 ____D C:\ProgramData\Ableton
2016-01-22 17:22 - 2015-11-01 14:31 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\.minecraft
2016-01-22 17:22 - 2015-01-03 20:09 - 00000000 ____D C:\Games
2016-01-22 14:16 - 2013-08-22 05:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-01-20 01:57 - 2013-08-22 05:25 - 00000116 _____ C:\windows\win.ini
2016-01-18 17:10 - 2015-02-02 17:33 - 00000000 ____D C:\Users\Lorn\Desktop\Games
2016-01-17 15:34 - 2015-08-03 19:45 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-17 12:16 - 2015-06-24 18:40 - 00367616 ___SH C:\Users\Lorn\Desktop\Thumbs.db
2016-01-17 11:20 - 2014-09-30 22:11 - 00000000 ____D C:\Users\Lorn\Documents\Vuze Downloads
2016-01-17 02:31 - 2015-08-06 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 02:26 - 2014-09-30 22:12 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\Azureus
2016-01-16 00:59 - 2015-08-06 18:00 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-16 00:59 - 2015-08-06 18:00 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-16 00:59 - 2015-07-07 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-16 00:45 - 2014-10-12 00:35 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\vlc
2016-01-15 15:37 - 2013-08-22 07:36 - 00000000 ____D C:\windows\rescache
2016-01-15 11:56 - 2015-04-18 09:23 - 00000000 ____D C:\windows\system32\appraiser
2016-01-15 11:56 - 2015-03-05 09:51 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-14 13:49 - 2014-10-06 00:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 13:49 - 2014-10-06 00:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 13:48 - 2014-09-30 19:11 - 00000000 ____D C:\windows\system32\MRT
2016-01-13 15:37 - 2014-10-06 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 13:28 - 2014-11-25 16:16 - 00000000 ____D C:\Users\Lorn\AppData\Roaming\AVG
2016-01-12 21:04 - 2015-09-27 23:56 - 00007607 _____ C:\Users\Lorn\AppData\Local\Resmon.ResmonCfg
2016-01-11 14:01 - 2015-08-05 17:55 - 00000000 ____D C:\ProgramData\AVG2015
2016-01-11 14:00 - 2015-08-05 17:49 - 00000000 ____D C:\Users\Lorn\AppData\Local\Avg2015
2016-01-11 13:59 - 2013-08-22 07:36 - 00000000 ____D C:\windows\LiveKernelReports
2016-01-11 13:44 - 2014-09-30 18:19 - 00000000 ____D C:\Users\Lorn
2016-01-11 00:28 - 2013-08-22 07:36 - 00000000 ____D C:\windows\system32\NDF
2016-01-10 19:56 - 2015-08-05 19:46 - 00000000 ____D C:\Users\pooter
2016-01-10 19:51 - 2014-09-23 03:39 - 00000000 ____D C:\Users\UpdatusUser
2016-01-05 12:04 - 2013-08-22 07:38 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 12:04 - 2013-08-22 07:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 02:05 - 2015-11-11 11:59 - 00000000 ____D C:\Users\Lorn\AppData\Local\Fallout4
==================== Files in the root of some directories =======
2014-09-30 19:48 - 2014-09-30 19:48 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Lorn\AppData\Roaming\msvcr90-ruby191.dll
2015-01-04 17:05 - 2015-01-04 17:05 - 0000064 _____ () C:\Users\Lorn\AppData\Local\506c5a37eebffb83f05a958c693e43b0
2014-09-30 18:19 - 2016-01-22 19:58 - 1849971 _____ () C:\Users\Lorn\AppData\Local\BTServer.log
2015-09-27 23:56 - 2016-01-12 21:04 - 0007607 _____ () C:\Users\Lorn\AppData\Local\Resmon.ResmonCfg
2015-04-09 19:55 - 2015-04-09 19:55 - 0011728 _____ () C:\Users\Lorn\AppData\Local\Temp-log.txt
2015-06-08 21:48 - 2015-06-08 21:48 - 0000000 _____ () C:\Users\Lorn\AppData\Local\Temp.dat
2014-09-23 03:50 - 2014-09-23 03:50 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-16 17:40
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Lorn (2016-01-25 14:13:13)
Running from C:\Users\Lorn\Desktop
Windows 8.1 (X64) (2014-10-01 02:19:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3574037338-378681773-173497233-500 - Administrator - Disabled)
Guest (S-1-5-21-3574037338-378681773-173497233-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3574037338-378681773-173497233-1004 - Limited - Enabled)
Lorn (S-1-5-21-3574037338-378681773-173497233-1002 - Administrator - Enabled) => C:\Users\Lorn
pooter (S-1-5-21-3574037338-378681773-173497233-1005 - Limited - Enabled) => C:\Users\pooter
UpdatusUser (S-1-5-21-3574037338-378681773-173497233-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Dead Rising 2: OTR (HKLM-x32\...\GFWL_{43430FA2-C625-49DA-8882-351000008300}) (Version: 1.0.0000.131 - Capcom)
Dead Rising 2: OTR (x32 Version: 1.0.0000.131 - Capcom) Hidden
Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version: - Macecraft Software)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
EPSON USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.45.000 - SEIKO EPSON CORPORATION)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout New Vegas - Ultimate Edition (HKLM-x32\...\Fallout New Vegas - Ultimate Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Hotline Miami 2: Wrong Number_is1) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\cbe8636f7dd0cf1d) (Version: 1.6.2.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.802.010814 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
the static speaks my name (HKLM-x32\...\Steam App 387860) (Version: - Jesse Barksdale)
Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Velvet Sundown (HKLM-x32\...\Steam App 307290) (Version: - Tribe Studios)
version 5.13.415.31/1.0.0.27/3.4.5.11(H1C307WW) (HKLM-x32\...\{4AD4461B-8BD4-4354-805C-E97E7A404906}_is1) (Version: - Lenovo Group Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01D23920-F812-4893-82F7-D491B0B87596} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {12921B44-9715-4078-9459-65E261FCA50D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {322A90A3-BBC0-4832-B7C1-645984C7C3F9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {45E6F287-D487-4263-991F-7C5908D21BCF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {4B3BB225-328B-45DE-9FA6-303F554DFA59} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {51DD253C-C35F-40C3-9FBA-0489C0E1B996} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {716B92BF-BF54-4FD9-9996-922FE042C475} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8B82F390-1C7B-4FE4-A179-9B572DF61AA5} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {8E093C0E-1BF0-4739-8614-250D0D337FC4} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3574037338-378681773-173497233-1002 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Lorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {9355A27C-014D-4DFD-A83D-EAF84F7FCD55} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22] (Oracle Corporation)
Task: {96CCECC9-2389-4053-869D-1C4938B915BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-23] (Synaptics Incorporated)
Task: {A7143D69-EF94-4BCB-824F-4CABE138B448} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E14D7C1F-05AD-4B29-B7C9-5FD63A430D9A} - System32\Tasks\{A8E1093A-23EF-4DD1-92D8-483E87761D01} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}\setup.exe" -c -runfromtemp -l0x0009
Task: {F570E42C-465E-4573-BC41-DCF3513384D6} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-23 03:38 - 2015-12-16 06:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-23 03:45 - 2014-01-06 13:56 - 00079872 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-01-25 00:57 - 2015-12-16 09:34 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-09-23 03:50 - 2010-10-25 20:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-12-06 23:54 - 2014-03-05 08:55 - 00035688 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2014-12-05 16:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-05 16:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-05 16:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-05 16:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-05 16:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-25 00:57 - 2015-12-16 09:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-13 13:03 - 2016-01-17 14:55 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2014-09-23 03:43 - 2013-09-16 11:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-06 19:53 - 2015-03-06 19:53 - 00074168 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2015-03-06 19:53 - 2015-03-06 19:53 - 00020920 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
2015-03-06 19:53 - 2015-03-06 19:53 - 00026552 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Lorn\AppData\Local\BFtVASs5XROXX:R2vy4coCe7tOEQpFccqUc
AlternateDataStreams: C:\Users\Lorn\AppData\Local\Jg3dtCJmqaLILUt:fQJ7RA7MnG3hUP6mBCUPzJ
AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temp
47ue6TnehOBcOR8z1SUsbV
AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:vJBOpqDvv08GCZfdUllCW5BNOU3
AlternateDataStreams: C:\Users\Lorn\AppData\Local\Temporary Internet Files:wLgppMlrHer0eCHB3v5UqAp
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2015-12-18 02:39 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3574037338-378681773-173497233-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lorn\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3574037338-378681773-173497233-1002\...\StartupApproved\Run: => "AdobeBridge"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1C24C40D-4D56-40FF-84AF-9AE5265ACB8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E0884B77-65E4-4368-8721-F9D51E81254B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8BD0DAA0-0FF9-48A0-B7F5-4DF17756C581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{B42051D1-EB49-4CF7-9D67-8ABB5996FBDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{5C72DF7C-AF19-4E10-87AF-984CD5AF9CE2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{47B519B0-2577-489C-868A-649EEE2B6C8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{374701F4-4C85-4AC2-846A-41436121E808}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{06149AB3-D985-485F-BD91-5E9E52A533F6}C:\users\lorn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorn\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3CE89A14-EBEE-46A6-9BE0-28E6D0E01195}C:\users\lorn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lorn\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A280F7F4-D0F1-4A76-8253-79D963BEDCE3}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{9D94A1DE-5598-45E9-A61A-4AB29A4C7597}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{FCA99A04-4757-4C81-B18D-13D832AFA725}] => (Allow) C:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
FirewallRules: [{F9423CA4-0705-431C-8493-DBEE24265F1E}] => (Allow) C:\Program Files (x86)\Capcom\Dead Rising 2 Off The Record\deadrising2otr.exe
FirewallRules: [TCP Query User{0DCC3A7D-C8C0-48D9-BF3B-8CFD3418E1C9}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{89089E15-22B9-468D-92C3-1EC6418EC7C4}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{22FC8D3D-96C6-4D60-B818-AEFAFB968A37}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{1C541F35-471D-4864-966C-7A7A7BCCAE2C}C:\program files (x86)\torchlight ii\torchlight2.exe] => (Allow) C:\program files (x86)\torchlight ii\torchlight2.exe
FirewallRules: [{FBD36A6B-C406-4108-ADC2-EDDFF772B07D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{0355BCF4-E816-4D68-86A6-EC8F5291F372}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [TCP Query User{9EF0774D-1375-46D1-96B2-D416D330EA5A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{D3F44961-E99A-4B99-A9B3-28803CE0E704}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{FFA5EC9F-846C-4CB9-A620-186843643DBE}C:\games\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\games\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [UDP Query User{0F43029B-AB21-48F3-AE04-3FB32E7D0E34}C:\games\dead island riptide\deadislandgame_x86_rwdi.exe] => (Allow) C:\games\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [{AAAEC521-122D-4AA9-83AC-A440C270E868}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{69CFB418-A366-48D1-B008-A7BC4FE38BD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C495514A-C1A9-4B9F-9F88-DB0B6B0886CD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0875147C-2CFF-4CCA-B101-990BA835AD69}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FF6BB9E0-05DE-4868-A81E-6A4E2A09E5DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DF20E90D-A462-4345-8935-EAA1E5416A3E}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{709066EC-CFC1-40CA-8F6F-6A4102CB2DB0}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{A3777AAF-D7CB-4CDD-82E0-399457C6B79C}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{5B0876F1-99B2-449E-8C13-5EC3D00FD805}C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe] => (Block) C:\program files (x86)\r.g. catalyst\saints row. the third\saintsrowthethird.exe
FirewallRules: [{CBBFC016-7E48-42B3-8738-64812735B416}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{084561C2-08E3-4FC4-BD5C-71F011E4003D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{84B4E84D-97F1-41C1-900E-835500311553}C:\games\broforce alien infestation update\broforce_beta.exe] => (Allow) C:\games\broforce alien infestation update\broforce_beta.exe
FirewallRules: [UDP Query User{215D9C28-73E4-4A8A-926F-B9A6FF8E1A22}C:\games\broforce alien infestation update\broforce_beta.exe] => (Allow) C:\games\broforce alien infestation update\broforce_beta.exe
FirewallRules: [{F4C9A36B-342E-4DE2-A592-31F674DA6A07}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6CDA0BBF-A567-402F-9143-F39909C95508}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4A722C70-6A14-4D2A-95D1-2CFD607495DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{3017B558-9D14-44C8-975A-FDDEB98C49D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{CAF27128-8C75-48C9-BDE1-0F70EC8F47BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [{D7243E32-B600-496F-B020-8C6BE451D9D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\VelvetSundown\VelvetSundown.exe
FirewallRules: [TCP Query User{8236EE35-78B2-47EA-B091-5827A8743B03}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{118E3D12-12CF-4A12-BA8A-7D3CCF1495CF}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{F0ADDAAD-C605-4F97-8A0A-4D068E01E5EF}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{332D29D9-721A-49DF-8DEA-49030735DA59}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{E6636355-8A14-4F99-90B3-3ACC693DD424}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{322D31E6-AE0E-4D50-AC6C-55104266618E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{494612CF-358B-4D35-ABEE-535B5E4AF5BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{09E2388B-60E1-49A6-82E2-867EF9A58FC1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5CE2A19A-8B90-4803-921D-E89214809526}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9BC3AE19-DBB2-4EEC-80E9-DDD44F4A3C4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{AFEAE210-D55A-4EDB-A1DF-BAFC877C12A5}C:\games\fallout 4\fallout 4\fallout4.exe] => (Allow) C:\games\fallout 4\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{F59B7611-22F7-4EFB-957C-DDAFABE7D40A}C:\games\fallout 4\fallout 4\fallout4.exe] => (Allow) C:\games\fallout 4\fallout 4\fallout4.exe
FirewallRules: [{BABA94F5-A4A7-4DFA-99B9-CA4F0EC36A88}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{401B80F4-B4D8-4BDE-A903-4FD42B2A9484}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{93FD922A-672B-4236-A584-F04F5FF7CB5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23CF5A77-A724-4B8F-9F72-A8A366213488}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F16F6E6-DD3B-4E26-8D4F-16BEE6509FE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{630B31EC-94E9-411F-8A70-3C11DFCB7FB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C31F06D9-338A-4256-8FA3-08757FF3785A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F744FC27-78F2-41F6-A67B-6B107F20ACD0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BCC9D13F-7605-497C-A367-35D6C5F62005}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A8746BEF-7796-4BAB-AABC-B1522579B9F1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7DE9D94D-76D1-48FB-A6AA-2ED47982BD4A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{679D4C64-C5E4-4AA7-AACF-CAE6E1AE18F7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4511D2FF-D3E4-4CF3-BE67-BE6CE7C8FC70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B3EF2B6-B2B2-441F-AF19-9E6319AABDBC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BA9CB269-9745-4FE9-A2F9-90BC7D954AC4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{F58FE3AC-0FBA-4A00-981F-134B90AD7F15}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DFADB35C-A27F-4656-BEEF-F5807D8B8245}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8BBA34DF-1156-4E19-9A7E-6250ECD6B7BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{01C8BC18-1216-471F-9AF2-9DAB7CA83110}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{61DEE219-351E-4345-8D0F-61D343E1447D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{940B6868-46A3-4A30-B667-8FD0146834A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CBBA7422-857A-4A15-ADF7-D5939404B538}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EDCC2CAC-5218-465D-A494-2F8BE2524271}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8770C85C-38E8-4A2E-99F8-B86E2A3FD2B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B94F19C2-9E17-458E-9BED-AB1A6350C8DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48EAF331-FAE9-4144-91BB-18E0771111EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
17-01-2016 02:28:48 Removed Visual Studio 2012 x64 Redistributables
20-01-2016 01:56:49 Installed Lenovo EasyCamera
22-01-2016 17:23:17 Removed Ableton Live 9 Suite
25-01-2016 00:57:26 Removed NVIDIA PhysX
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/25/2016 02:10:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/25/2016 02:10:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/25/2016 02:10:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/25/2016 02:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/25/2016 02:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 16.31.0.7357, time stamp: 0x568f94e5
Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000135
Fault offset: 0x0009d5b2
Faulting process id: 0x1a00
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5
Error: (01/25/2016 02:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BTServer.exe, version: 1.0.85.1, time stamp: 0x52ca48cc
Faulting module name: mfc110u.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
Exception code: 0xc0000135
Fault offset: 0x00000000000ec580
Faulting process id: 0x1784
Faulting application start time: 0xBTServer.exe0
Faulting application path: BTServer.exe1
Faulting module path: BTServer.exe2
Report Id: BTServer.exe3
Faulting package full name: BTServer.exe4
Faulting package-relative application ID: BTServer.exe5
Error: (01/25/2016 02:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgnsa.exe, version: 16.31.0.7357, time stamp: 0x568f94c9
Faulting module name: MSVCP110.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
Exception code: 0xc0000135
Fault offset: 0x00000000000ec580
Faulting process id: 0xa64
Faulting application start time: 0xavgnsa.exe0
Faulting application path: avgnsa.exe1
Faulting module path: avgnsa.exe2
Report Id: avgnsa.exe3
Faulting package full name: avgnsa.exe4
Faulting package-relative application ID: avgnsa.exe5
Error: (01/25/2016 02:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgemca.exe, version: 16.31.0.7357, time stamp: 0x568f9464
Faulting module name: MSVCP110.dll, version: 6.3.9600.18185, time stamp: 0x5683f0c5
Exception code: 0xc0000135
Fault offset: 0x00000000000ec580
Faulting process id: 0xa70
Faulting application start time: 0xavgemca.exe0
Faulting application path: avgemca.exe1
Faulting module path: avgemca.exe2
Report Id: avgemca.exe3
Faulting package full name: avgemca.exe4
Faulting package-relative application ID: avgemca.exe5
Error: (01/25/2016 01:19:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/25/2016 12:01:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (01/25/2016 02:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Manager DBC Service service failed to start due to the following error:
%%14001
Error: (01/25/2016 02:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053
Error: (01/25/2016 02:09:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
Error: (01/25/2016 01:18:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Manager DBC Service service failed to start due to the following error:
%%14001
Error: (01/25/2016 01:18:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053
Error: (01/25/2016 01:18:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
Error: (01/25/2016 01:05:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Manager DBC Service service failed to start due to the following error:
%%14001
Error: (01/25/2016 01:03:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053
Error: (01/25/2016 01:03:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
Error: (01/25/2016 12:39:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Power Manager DBC Service service failed to start due to the following error:
%%14001
CodeIntegrity:
===================================
Date: 2016-01-25 14:12:33.220
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:12:33.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:12:21.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:12:21.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:09:43.301
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:00:03.149
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 14:00:02.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 13:57:33.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 13:57:33.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-25 13:57:21.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8084.27 MB
Available physical RAM: 5677.54 MB
Total Virtual: 9364.27 MB
Available Virtual: 6709.74 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.49 GB) (Free:479.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 64E46442)
Partition: GPT.
==================== End of Addition.txt ============================
Checkup.txt:
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 8 Update 71
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.286
Mozilla Firefox (43.0.4)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````