
Trojan.agent, PastaQuotes, RegClean-Pro, ShopAtHome, Wajam & others


  • This topic is locked
66 replies to this topic

#1 joelbordeau

  • Members
  • 39 posts

Posted 18 August 2014 - 11:05 PM

I’m new to Windows 8 and my computer is only 10 months old. We have multiple pop-ups while on the internet, we can't attach a file to emails through webmail, and when I tried to download programs like ccleaner or revo uninstaller, I got redirected to various other sites, so I had to use a thumb drive to add them. McAfee shows that there were 20 trojans found during previous scans, but I cannot locate them or a detailed list to figure out which ones. In order to run some programs, I installed and ran rkill. However, there are still folders that I can’t access because it says I don’t have access even though I have administrator rights. Some of them look like they’re actually shortcuts to folders, but I get the same error message.

 

I've installed and run MBAM, Spybot S&D2, and SuperAntiSpyware and used Revo Uninstaller to remove Norton Security Scan, OpenSoftwareUpdater, PastaQuotes, RegClean-Pro, SaveSense (remove only), Search Protect, ShopAtHome.com Helper & Toolbar, The weDownload Manager, Updater, Video Converter, Video Converter Bundle, Wajam, Websteroids, and Yahoo! Toolbar. Needless to say, it’s hard to tell which of these are completely gone since there are still problems. Any assistance would be greatly appreciated, especially since online classes start later this week.

 

Here’s the dds.txt file after making these changes:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.17054

Run by Joel at 1:26:01 on 2014-08-18

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3982.2169 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\dwm.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe

C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe

C:\windows\system32\dashost.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\windows\system32\mfevtps.exe

C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

C:\windows\SysWOW64\NLSSRV32.EXE

C:\windows\system32\taskeng.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\windows\system32\taskhostex.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe

C:\Program Files (x86)\Random House\WUD-WG\WGRU.exe

C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe

C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

C:\Windows\System32\RuntimeBroker.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\windows\explorer.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Lenovo\LVT\LVT.exe

c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://lenovo13.msn.com

mStart Page = about:blank

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

mRun: [TNIOSDVolumeSync(x64)] C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe

mRun: [TNIOSDVolumeSync(x86)] C:\Program Files\TNIOSDVolumeSync\TNIExec.exe

mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"

mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe 1

mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

mRun: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

StartupFolder: C:\Users\Joel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RANDOM~1.LNK - C:\Program Files (x86)\Random House\WUD-WG\WGRU.exe

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5559A279-3CA5-45C8-9E35-1093470148FA} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Notify: SDWinLogon - SDWinLogon.dll

AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 

x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [Lenovo Black Silk Input Device Main Program] C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\Drivers\mfehidk.sys [2013-9-24 786296]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\Drivers\mfewfpk.sys [2013-9-24 348552]

R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\Drivers\ddcdrv.sys [2013-4-29 20832]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-10 172344]

R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2356912]

R2 Dashboard Service;Dashboard Service;C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [2013-4-29 24880]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-18 328928]

R2 IdeaTouch.LocalDataServer.Education;IdeaTouch.LocalDataServer.Education;C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [2013-4-29 7680]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-29 165664]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-15 1809720]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-15 860472]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-9-19 201304]

R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\MSC\McAPExe.exe [2013-10-18 178528]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-18 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-18 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-18 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-18 328928]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-18 1041192]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2013-10-18 219752]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-10-18 189912]

R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-14 230408]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-12-14 70152]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-8-15 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-8-15 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-8-15 168384]

R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-7 5052224]

R2 TNISrvc;TNI Launcher Service;C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [2012-8-30 53760]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-29 364832]

R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-4-29 56136]

R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\Drivers\cfwids.sys [2013-9-24 72128]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-29 169752]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-2-4 342528]

R3 LEMo602D;LEMo602D Mouse Suite Driver;C:\windows\System32\Drivers\LEMo602D.SYS [2013-4-29 24064]

R3 LEub602D;LEub602D Low Filter Driver;C:\windows\System32\Drivers\LEub602D.SYS [2013-4-29 18944]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-8-15 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\Drivers\MBAMSwissArmy.sys [2014-8-15 122584]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2014-8-15 64216]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\Drivers\mfeavfk.sys [2013-9-24 313544]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\Drivers\mfefirek.sys [2013-9-24 523792]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\Drivers\mfencbdc.sys [2014-6-18 444720]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2013-4-29 266896]

R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-4-29 683664]

R3 VMC412;Vimicro Camera Service VMC412;C:\windows\System32\Drivers\vmc412.sys [2013-4-29 232576]

R3 vmuacflt;Vimicro USB Audio Filter;C:\windows\System32\Drivers\vmuacflt.sys [2013-4-29 13696]

S0 mfeelamk;McAfee Inc. mfeelamk;C:\windows\System32\Drivers\mfeelamk.sys [2013-9-24 70600]

S2 0032841408333560mcinstcleanup;McAfee Application Installer Cleanup (0032841408333560);C:\windows\TEMP\003284~1.EXE -cleanup -nolog --> C:\windows\TEMP\003284~1.EXE -cleanup -nolog [?]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\Drivers\HipShieldK.sys [2014-4-15 197704]

S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\Drivers\mfencrk.sys [2014-6-18 96592]

S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2014-8-17 31800]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-4-29 102376]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== Created Last 30 ================

.

2014-08-18 02:55:59 -------- d-----w- C:\Users\Joel\AppData\Roaming\VS Revo Group

2014-08-18 02:54:55 -------- d-----w- C:\Users\Joel\AppData\Local\VS Revo Group

2014-08-18 02:54:51 -------- d-----w- C:\ProgramData\VS Revo Group

2014-08-18 02:54:50 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys

2014-08-18 02:54:48 -------- d-----w- C:\Program Files\VS Revo Group

2014-08-17 03:26:17 704480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2014-08-17 03:26:17 105440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-08-17 03:05:16 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys

2014-08-17 03:03:42 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe

2014-08-17 03:03:42 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe

2014-08-15 20:09:29 -------- d-----w- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com

2014-08-15 20:08:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2014-08-15 20:08:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2014-08-15 19:40:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2014-08-15 19:40:36 17272 ----a-w- C:\windows\System32\sdnclean64.exe

2014-08-15 19:40:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-08-15 19:15:33 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys

2014-08-15 19:14:53 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys

2014-08-15 19:14:53 64216 ----a-w- C:\windows\System32\drivers\mwac.sys

2014-08-15 19:14:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-15 19:09:38 -------- d-----w- C:\Users\Joel\AppData\Roaming\Malwarebytes

2014-08-15 19:09:26 -------- d-----w- C:\ProgramData\Malwarebytes

2014-08-15 19:09:23 25816 ----a-w- C:\windows\System32\drivers\mbam.sys

2014-08-15 16:18:13 199680 ----a-w- C:\windows\System32\cdd.dll

2014-08-15 16:18:13 1453400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2014-08-15 16:17:04 3959296 ----a-w- C:\windows\System32\jscript9.dll

2014-08-15 16:17:00 702976 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2014-08-15 16:17:00 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll

2014-08-15 16:09:08 712192 ----a-w- C:\windows\System32\aepdu.dll

2014-08-15 16:09:08 556544 ----a-w- C:\windows\System32\aeinv.dll

2014-08-15 16:09:00 10116608 ----a-w- C:\windows\System32\twinui.dll

2014-08-15 16:08:58 8857600 ----a-w- C:\windows\SysWow64\twinui.dll

2014-08-15 16:08:56 2146304 ----a-w- C:\windows\System32\actxprxy.dll

2014-08-15 16:08:55 2885632 ----a-w- C:\windows\System32\msi.dll

2014-08-15 16:08:55 2416128 ----a-w- C:\windows\SysWow64\msi.dll

2014-08-15 16:08:54 2306560 ----a-w- C:\windows\System32\authui.dll

2014-08-15 16:08:53 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll

2014-08-15 16:08:53 393216 ----a-w- C:\windows\System32\msihnd.dll

2014-08-15 16:08:53 2037760 ----a-w- C:\windows\SysWow64\authui.dll

2014-08-15 16:08:53 112984 ----a-w- C:\windows\System32\consent.exe

2014-08-15 16:08:52 295424 ----a-w- C:\windows\SysWow64\msihnd.dll

2014-08-15 16:07:52 1312768 ----a-w- C:\windows\System32\rpcrt4.dll

2014-08-15 16:07:51 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll

2014-08-15 16:07:46 94552 ----a-w- C:\windows\System32\drivers\mountmgr.sys

2014-08-15 16:07:46 328024 ----a-w- C:\windows\System32\drivers\Classpnp.sys

2014-08-15 15:15:10 -------- d-----w- C:\Users\Joel\Special Utilities

2014-08-13 17:35:01 262312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10244.bin

2014-08-12 22:12:57 -------- d-----w- C:\ProgramData\Systweak

2014-08-07 15:16:34 -------- d-----w- C:\Users\Joel\AppData\Roaming\TeamViewer

2014-08-07 15:16:31 -------- d-----w- C:\Program Files (x86)\TeamViewer

2014-08-03 09:53:47 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M  ====================

.

2014-07-24 12:10:54 2240000 ----a-w- C:\windows\System32\wininet.dll

2014-07-24 12:10:46 915968 ----a-w- C:\windows\System32\uxtheme.dll

2014-07-24 12:10:46 53760 ----a-w- C:\windows\System32\UXInit.dll

2014-07-24 12:09:33 67072 ----a-w- C:\windows\System32\iesetup.dll

2014-07-24 12:09:33 136704 ----a-w- C:\windows\System32\iesysprep.dll

2014-07-24 12:09:00 1508864 ----a-w- C:\windows\System32\inetcpl.cpl

2014-07-24 10:52:27 1766400 ----a-w- C:\windows\SysWow64\wininet.dll

2014-07-24 10:52:20 44032 ----a-w- C:\windows\SysWow64\UXInit.dll

2014-07-24 10:51:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2014-07-24 10:51:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2014-07-24 10:51:02 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2014-07-24 10:33:52 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2014-07-24 10:29:20 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2014-07-24 08:03:01 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll

2014-06-30 22:42:56 394240 ----a-w- C:\windows\System32\devinv.dll

2014-06-30 22:42:48 87552 ----a-w- C:\windows\System32\aepic.dll

2014-06-30 21:55:44 20328 ----a-w- C:\windows\System32\roboot64.exe

2014-06-20 14:38:22 72128 ----a-w- C:\windows\System32\drivers\cfwids.sys

2014-06-20 14:31:06 348552 ----a-w- C:\windows\System32\drivers\mfewfpk.sys

2014-06-20 14:30:38 189912 ----a-w- C:\windows\System32\mfevtps.exe

2014-06-20 14:26:02 786296 ----a-w- C:\windows\System32\drivers\mfehidk.sys

2014-06-20 14:23:40 523792 ----a-w- C:\windows\System32\drivers\mfefirek.sys

2014-06-20 14:21:48 313544 ----a-w- C:\windows\System32\drivers\mfeavfk.sys

2014-06-20 14:20:54 181704 ----a-w- C:\windows\System32\drivers\mfeapfk.sys

2014-06-20 14:09:34 70600 ----a-w- C:\windows\System32\drivers\mfeelamk.sys

2014-06-18 07:12:42 11336 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys

2014-06-18 07:12:12 96592 ----a-w- C:\windows\System32\drivers\mfencrk.sys

2014-06-18 07:11:44 444720 ----a-w- C:\windows\System32\drivers\mfencbdc.sys

2014-06-17 23:27:37 1440256 ----a-w- C:\windows\SysWow64\osk.exe

2014-06-17 23:24:48 1557504 ----a-w- C:\windows\System32\osk.exe

2014-06-11 04:18:14 4038144 ----a-w- C:\windows\System32\win32k.sys

2014-06-06 14:06:38 596480 ----a-w- C:\windows\System32\qedit.dll

2014-06-06 10:17:56 497152 ----a-w- C:\windows\SysWow64\qedit.dll

2014-06-02 22:33:45 265216 ----a-w- C:\windows\System32\InkEd.dll

2014-05-29 23:31:26 452608 ----a-w- C:\windows\SysWow64\SHCore.dll

2014-05-29 23:03:04 588288 ----a-w- C:\windows\System32\SHCore.dll

2014-05-29 23:02:28 439808 ----a-w- C:\windows\System32\lsm.dll

2014-05-29 23:02:27 1281536 ----a-w- C:\windows\System32\lsasrv.dll

2014-05-29 22:24:46 576512 ----a-w- C:\windows\System32\drivers\afd.sys

.

============= FINISH:  1:26:27.98 ===============

 

 

The attach.txt file is included as an attachment


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 19 August 2014 - 02:31 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 joelbordeau

  • Topic Starter

  • Members
  • 39 posts

Posted 27 August 2014 - 11:20 PM

Hi Marius,

Thank you for your help in this matter. Sorry for the delay, but there have been health issues that have delayed me being able to respond quickly, and I appreciate that you haven't closed the topic. I clicked on the downloaded gmer file and after opening it, there's a message that reads "C:\windows\system32\config\system. The process cannot access the file because it is being used by another process." The only option is to click OK. If I click OK, then there are two entries that fill in in the main screen under Rootkit/Malware. Is this correct?



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 28 August 2014 - 06:13 AM

Please reboot into safe mode and try again.



#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 September 2014 - 09:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,258 posts

Posted 13 September 2014 - 06:42 PM

This topic has been re-opened at the request of the person who originally posted.

#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 September 2014 - 05:31 AM

Welcome back!

 

Please reboot into safe mode and try again to run gmer.

Post the log and do the following as well:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
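The FRST.txt requested above is a plain-text report split into `====` sections, and FRST marks some entries itself with `File Not Found`, `No File`, `[File not signed]` and `<======= ATTENTION`, as in the report posted in this topic. As an added example (not part of the thread and not Farbar's code), this sketch pulls those lines out with their section for first-pass review; the sample report is constructed and its names, paths and CLSIDs are placeholders.

```python
import re
from collections import Counter
from typing import NamedTuple

# Section banners look like "==================== Registry (Whitelisted) ====".
# The name must start with a non-"=" character so that a bare "=======" underline
# (used under "Chrome:" / "FireFox:") is not mistaken for a section banner.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+\s*$")

# Markers taken from the report text itself; each tags a line for human review.
RULES = [
    ("tool-flagged", re.compile(r"<=+\s*ATTENTION")),          # FRST's own flag
    ("missing-file", re.compile(r"(?:File Not Found|\bNo File)\s*$")),
    ("unsigned", re.compile(r"\[File not signed\]")),
    # AppInit_DLLs is a Windows load point for DLLs into user-mode processes,
    # so any entry there is worth a look even without another marker.
    ("appinit-dll", re.compile(r"^AppInit_DLLs")),
]

# Constructed sample in the layout of an FRST.txt report (placeholder values).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleAudio] => C:\Program Files\ExampleAudio\tray.exe [12345 2012-07-27] (Example Vendor)
AppInit_DLLs: C:\PROGRA~2\ExampleBar\bin\Loader64.dll => C:\PROGRA~2\ExampleBar\bin\Loader64.dll File Not Found

==================== Internet (Whitelisted) ====================

BHO-x32: No Name -> {00000000-0000-0000-0000-000000000001} ->  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000002} -  No File

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [24880 2013-01-15] (Example Vendor) [File not signed]
R2 GoodSvc; C:\Program Files\Good\good.exe [1000 2014-01-01] (Good Vendor)
"""


class Finding(NamedTuple):
    section: str
    line_no: int
    tags: tuple
    text: str


def triage(report: str) -> list:
    """Return every report line that carries at least one review marker."""
    findings = []
    section = "(preamble)"
    for line_no, raw in enumerate(report.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        tags = tuple(tag for tag, rx in RULES if rx.search(line))
        if tags:
            findings.append(Finding(section, line_no, tags, line))
    return findings


def tag_counts(findings) -> Counter:
    """Count how often each marker occurs across all findings."""
    return Counter(tag for f in findings for tag in f.tags)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] line {f.line_no} {','.join(f.tags)}: {f.text}")
    print(dict(tag_counts(results)))
```

A tagged line is a prompt for review, not a verdict: leftover registry entries pointing at removed files and unsigned vendor services are common on clean machines too.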

#8 joelbordeau

joelbordeau
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:04:53 PM

Posted 15 September 2014 - 03:31 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Joel (administrator) on IDEA-PC on 15-09-2014 03:51:53
Running from C:\Users\Joel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N2OUM68
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TPV-INVENTA TECHNOLOGY CO., LTD.) C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
(Eurofield Information Solutions Pty Ltd) C:\Program Files (x86)\Random House\WUD-WG\WGRU.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(TPV-INVENTA TECHNOLOGY CO., LTD) C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\mcafee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-19] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x86)] => C:\Program Files\TNIOSDVolumeSync\TNIExec.exe
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-201081657-693390092-468431868-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-201081657-693390092-468431868-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-17] (SUPERAntiSpyware)
HKU\S-1-5-21-201081657-693390092-468431868-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Random House Webster's Unabridged Dictionary WordGenius Activate.LNK
ShortcutTarget: Random House Webster's Unabridged Dictionary WordGenius Activate.LNK -> C:\Program Files (x86)\Random House\WUD-WG\WGRU.exe (Eurofield Information Solutions Pty Ltd)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {C770A71E-8E1E-4755-A1A8-920E7C778295} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {C770A71E-8E1E-4755-A1A8-920E7C778295} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 - DefaultScope {C770A71E-8E1E-4755-A1A8-920E7C778295} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {C770A71E-8E1E-4755-A1A8-920E7C778295} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {AAF19603-206F-41E1-9745-DD2711F4649C} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {92EF8638-7617-48A9-8F9E-AB69B4FDC1DC} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US714&p={SearchTerms}
SearchScopes: HKCU - {AAF19603-206F-41E1-9745-DD2711F4649C} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C770A71E-8E1E-4755-A1A8-920E7C778295} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-18]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.monorgism.com/", "hxxp://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutC0EtA0EzzyEtBtAyDyE0CyC0AtA0AyDtN0D0Tzu0SzyyDyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0D0B0AyC0EyD0FtG0FtCtC0AtGyDtD0A0FtGtBtAyE0EtGyCyCtBtA0AyE0A0D0E0AtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzyyCtD0D0CtB0BtGyCtAzyyDtG0D0CyBzztG0E0A0A0EtGtAyCyByByBtA0BzytB0B0AtB2Q&cr=261891636&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google Drive) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google Search) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (SiteAdvisor) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-28]
CHR Extension: (Google Wallet) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
S2 0229681410767903mcinstcleanup; C:\windows\TEMP\022968~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LEMo602D; C:\Windows\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
R3 LEub602D; C:\Windows\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 04:00 - 2014-09-15 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-15 03:51 - 2014-09-15 03:51 - 00000000 ____D () C:\FRST
2014-09-15 03:13 - 2014-09-15 03:41 - 00021504 _____ () C:\windows\system32\umstartup.etl
2014-09-10 15:03 - 2014-09-10 15:03 - 00056496 _____ (GMER) C:\kxlorpow.sys
2014-09-10 14:36 - 2014-09-10 14:36 - 00380416 _____ () C:\Users\Joel\Downloads\su5h3py6.exe
2014-09-07 21:05 - 2014-09-07 21:05 - 00010040 _____ () C:\windows\wininit.ini
2014-08-29 22:48 - 2014-08-29 22:48 - 00000000 ____D () C:\windows\pss
2014-08-28 00:04 - 2014-08-28 00:04 - 00380416 _____ () C:\Users\Joel\Downloads\uxrfg5gq.exe
2014-08-28 00:04 - 2014-08-28 00:04 - 00380416 _____ () C:\Users\Joel\Downloads\p8mudhto.exe
2014-08-28 00:01 - 2014-08-28 00:01 - 00380416 _____ () C:\Users\Joel\Downloads\ffjiwfbw.exe
2014-08-27 13:40 - 2014-08-23 02:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 13:40 - 2014-07-15 19:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 13:40 - 2014-07-11 22:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 19:55 - 2014-08-27 13:35 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 19:54 - 2014-08-29 09:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 19:54 - 2014-08-29 09:35 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 19:54 - 2014-08-29 09:35 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 19:54 - 2014-08-29 09:35 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-18 00:40 - 2014-08-18 00:40 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-18 00:40 - 2014-08-18 00:40 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\CyberLink
2014-08-17 22:55 - 2014-08-17 22:55 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\Users\Joel\AppData\Local\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-17 22:54 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-08-16 23:26 - 2014-08-01 20:15 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 23:26 - 2014-08-01 20:15 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 23:05 - 2014-07-15 18:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-08-16 23:03 - 2014-06-10 18:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 23:03 - 2014-06-10 18:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 04:01 - 2014-02-19 18:03 - 00000374 _____ () C:\windows\Tasks\CIMT_S-1-5-21-201081657-693390092-468431868-1001.job
2014-09-15 04:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-15 04:00 - 2014-09-15 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-15 04:00 - 2013-10-18 22:48 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-09-15 03:59 - 2014-06-28 16:54 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 03:59 - 2013-04-29 07:14 - 01434424 _____ () C:\windows\WindowsUpdate.log
2014-09-15 03:58 - 2013-10-18 22:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-15 03:55 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-15 03:51 - 2014-09-15 03:51 - 00000000 ____D () C:\FRST
2014-09-15 03:51 - 2013-09-19 20:09 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-201081657-693390092-468431868-1001
2014-09-15 03:49 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-15 03:48 - 2013-10-24 11:01 - 00000491 _____ () C:\Users\Joel\Desktop\Gmail.website
2014-09-15 03:46 - 2014-08-15 16:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-15 03:46 - 2014-06-28 16:54 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 03:42 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-15 03:41 - 2014-09-15 03:13 - 00021504 _____ () C:\windows\system32\umstartup.etl
2014-09-15 03:41 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 03:41 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-12 23:13 - 2012-10-09 19:08 - 00243498 _____ () C:\windows\PFRO.log
2014-09-10 15:03 - 2014-09-10 15:03 - 00056496 _____ (GMER) C:\kxlorpow.sys
2014-09-10 14:36 - 2014-09-10 14:36 - 00380416 _____ () C:\Users\Joel\Downloads\su5h3py6.exe
2014-09-10 00:26 - 2014-05-02 14:04 - 00000652 _____ () C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\ASURITE Sign-In.website
2014-09-07 21:05 - 2014-09-07 21:05 - 00010040 _____ () C:\windows\wininit.ini
2014-09-07 21:05 - 2014-08-15 15:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 20:34 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\Registration
2014-09-07 19:59 - 2014-08-15 15:15 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 16:32 - 2014-08-15 16:08 - 00001968 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-29 22:48 - 2014-08-29 22:48 - 00000000 ____D () C:\windows\pss
2014-08-29 21:35 - 2014-07-30 07:47 - 00004964 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for IDEA-PC-Joel idea-PC
2014-08-29 20:19 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-08-29 13:44 - 2014-07-21 17:35 - 00432344 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 09:35 - 2014-08-21 19:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-29 09:35 - 2014-08-21 19:54 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-29 09:35 - 2014-08-21 19:54 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-29 09:35 - 2014-08-21 19:54 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-29 09:35 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-08-29 07:00 - 2013-10-11 11:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 23:09 - 2013-09-19 07:56 - 00000000 ____D () C:\Users\Joel\AppData\Local\Packages
2014-08-28 21:25 - 2013-10-18 11:27 - 00000465 _____ () C:\Users\Joel\Desktop\Google.website
2014-08-28 00:04 - 2014-08-28 00:04 - 00380416 _____ () C:\Users\Joel\Downloads\uxrfg5gq.exe
2014-08-28 00:04 - 2014-08-28 00:04 - 00380416 _____ () C:\Users\Joel\Downloads\p8mudhto.exe
2014-08-28 00:01 - 2014-08-28 00:01 - 00380416 _____ () C:\Users\Joel\Downloads\ffjiwfbw.exe
2014-08-27 13:35 - 2014-08-21 19:55 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-27 13:35 - 2014-08-21 19:55 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 00:16 - 2014-07-25 20:27 - 00000000 ____D () C:\Users\Joel\Documents\ENG 365
2014-08-23 02:47 - 2014-08-27 13:40 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 22:41 - 2013-04-29 07:10 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-08-19 11:13 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-08-18 05:58 - 2014-08-07 11:16 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\TeamViewer
2014-08-18 01:28 - 2014-08-15 11:15 - 00000000 ____D () C:\Users\Joel\Special Utilities
2014-08-18 00:40 - 2014-08-18 00:40 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-18 00:40 - 2014-08-18 00:40 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\CyberLink
2014-08-17 23:48 - 2014-07-05 11:12 - 00000000 ____D () C:\Users\Joel\Desktop\Joel's Pics 2
2014-08-17 23:48 - 2013-11-02 11:22 - 00000000 ____D () C:\Users\Joel\Desktop\LuLu Pics
2014-08-17 23:34 - 2014-02-19 18:00 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-08-17 23:31 - 2014-02-19 18:03 - 00000000 ____D () C:\ProgramData\Symantec
2014-08-17 23:31 - 2014-02-19 18:03 - 00000000 ____D () C:\ProgramData\Norton
2014-08-17 23:13 - 2014-01-29 10:52 - 00000000 ____D () C:\Users\Joel\Documents\Joel United Healthcare EOB 7-3-13
2014-08-17 23:13 - 2012-10-09 20:08 - 00000000 ____D () C:\windows\Panther
2014-08-17 23:12 - 2014-06-28 08:45 - 00000000 ____D () C:\ProgramData\tmp
2014-08-17 22:55 - 2014-08-17 22:55 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00001088 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\Users\Joel\AppData\Local\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-17 22:54 - 2014-08-17 22:54 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-16 23:22 - 2014-07-14 19:52 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-16 23:22 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData
2014-08-16 23:10 - 2013-09-22 08:13 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 23:09 - 2013-09-22 08:13 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 22:22 - 2014-08-12 18:12 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-16 22:22 - 2014-07-17 19:46 - 00000000 ____D () C:\Users\Joel\AppData\Roaming\Systweak

Files to move or delete:
====================
C:\ProgramData\Lenovo-3874.vbs
C:\ProgramData\Lenovo-3936.vbs

Some content of TEMP:
====================
C:\Users\Joel\AppData\Local\Temp\SAS6_Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-20 04:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Joel at 2014-09-15 04:01:49
Running from C:\Users\Joel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N2OUM68
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Comparing (HKLM-x32\...\InstallShield_{FA26CEFD-E3BE-46EC-AEE0-95BF8F5CF307}) (Version: 1.00.2012.0829 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0829 - Tong child Research & Planning Co.,Ltd) Hidden
Consumer Input Update Helper (x32 Version: 1.3.25.131 - Compete Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.23 - Lenovo)
Lenovo Black Silk USB Keyboard (HKLM\...\Lenovo Black Silk USB Keyboard) (Version: 1.22 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Random House Webster's Unabridged Dictionary - WordGenius (HKLM-x32\...\Random House Webster's Unabridged Dictionary - WordGenius) (Version: 5.0 - Eurofield Information Solutions)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TNIOSDVolumeSync (x32 Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-201081657-693390092-468431868-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joel\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-201081657-693390092-468431868-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joel\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-201081657-693390092-468431868-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Joel\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-201081657-693390092-468431868-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joel\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-201081657-693390092-468431868-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joel\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-08-2014 10:14:50 Scheduled Checkpoint
17-08-2014 03:01:54 Windows Update
18-08-2014 03:30:48 Revo Uninstaller Pro's restore point - Norton Security Scan
18-08-2014 03:32:39 Revo Uninstaller Pro's restore point - MyPC Backup
18-08-2014 03:33:41 Revo Uninstaller Pro's restore point - Yahoo! Toolbar
18-08-2014 03:35:03 Revo Uninstaller Pro's restore point - PastaQuotes
18-08-2014 03:36:51 Revo Uninstaller Pro's restore point - OpenSoftwareUpdater
18-08-2014 05:02:23 Revo Uninstaller Pro's restore point - Video Converter Bundle
18-08-2014 05:04:06 Revo Uninstaller Pro's restore point - Updater
21-08-2014 23:54:29 Windows Update
27-08-2014 17:53:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1446E05F-BDD7-43ED-B44C-939069C30FB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {35AB2D71-0E03-4EAC-870D-BAC246CC5608} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {43EAAFDF-48F9-4E31-8C63-60A88B4B854C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-08-16] (Microsoft Corporation)
Task: {5ECB4DA8-7B43-458C-A937-133D050E6EBA} - \RegClean Pro No Task File <==== ATTENTION
Task: {5F66808D-E76D-47FE-B244-95EC906AA672} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-29] (Microsoft Corporation)
Task: {6B0BB279-C24C-4EEE-A1BA-120D52415F1C} - System32\Tasks\CIMT_S-1-5-21-201081657-693390092-468431868-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {6DCE16EB-7536-49CC-80DF-2BF0EE8759BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {716DBF11-F72E-4B62-83C1-7FDB29FE3FE3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {7B1EF391-5D62-4D16-8FA0-3D21A6D9B3E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {8BF0BBFB-61C9-4DDB-A767-C480A69B7888} - System32\Tasks\Lenovo\Lenovo-3874 => C:\ProgramData\Lenovo-3874.vbs [2013-04-29] ()
Task: {928B5A69-12A6-4A48-9B3B-84F41F6E0D49} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {944A3F62-9A3C-46C6-8DB8-CB2147DE67A9} - System32\Tasks\Lenovo\Lenovo-3936 => C:\ProgramData\Lenovo-3936.vbs [2013-04-29] ()
Task: {96388F6B-2BEB-40C4-923E-0DDD8DC4A116} - \PastaQuotes No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BB623C82-7838-4B2C-8C87-1F69B43A06BF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D6D984CD-C240-41E3-B9AB-CB21AE471D9B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for IDEA-PC-Joel idea-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-29] (Microsoft Corporation)
Task: {DA815CA8-943D-465B-B3DB-B6A8C4664F8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {E322FD4E-4D46-4F60-87FB-69314DAC3041} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {E6388962-BAD1-4EBB-8A46-2A341DF065D5} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F7A11A71-12E1-4DEF-8871-61D94EF3434F} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\windows\Tasks\CIMT_S-1-5-21-201081657-693390092-468431868-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 15:13 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-29 06:52 - 2014-08-29 06:52 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-17 14:05 - 2014-05-17 14:05 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-02-04 23:19 - 2012-12-12 04:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-29 06:54 - 2011-04-19 02:50 - 01739776 _____ () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
2013-04-29 06:54 - 2011-05-12 04:29 - 00045056 _____ () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsComm.dll
2013-04-29 06:54 - 2011-05-16 22:28 - 00110592 _____ () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsUtil.dll
2013-04-29 06:54 - 2011-04-19 02:50 - 00044544 _____ () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDrv.dll
2013-04-29 06:54 - 2011-04-19 02:49 - 00038400 _____ () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsHooks.dll
2014-08-15 15:40 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-15 15:40 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-15 15:40 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-15 15:40 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-15 15:40 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-04-29 06:53 - 2012-10-22 17:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-15 15:40 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "OpenSoftwareUpdater"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 03:59:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2014 03:44:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (09/15/2014 03:10:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -1073610729 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/15/2014 03:09:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -1073610729 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2014 00:09:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dashboard.exe, version: 1.0.0.9, time stamp: 0x50f3ee01
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe0434352
Fault offset: 0x00010f22
Faulting process id: 0x228
Faulting application start time: 0xDashboard.exe0
Faulting application path: Dashboard.exe1
Faulting module path: Dashboard.exe2
Report Id: Dashboard.exe3
Faulting package full name: Dashboard.exe4
Faulting package-relative application ID: Dashboard.exe5

Error: (09/13/2014 00:09:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Dashboard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Dashboard_Desktop.App.Main()

Error: (09/13/2014 00:08:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dashboard.exe, version: 1.0.0.9, time stamp: 0x50f3ee01
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe0434352
Fault offset: 0x00010f22
Faulting process id: 0x898
Faulting application start time: 0xDashboard.exe0
Faulting application path: Dashboard.exe1
Faulting module path: Dashboard.exe2
Report Id: Dashboard.exe3
Faulting package full name: Dashboard.exe4
Faulting package-relative application ID: Dashboard.exe5

Error: (09/13/2014 00:08:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Dashboard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Dashboard_Desktop.App.Main()

Error: (09/13/2014 00:03:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17054, time stamp: 0x53d0b9f0
Faulting module name: MFMediaEngine.dll, version: 6.2.9200.16578, time stamp: 0x515f8daf
Exception code: 0xc0000005
Fault offset: 0x0001c3ff
Faulting process id: 0xbf8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (09/12/2014 11:42:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17054, time stamp: 0x53d0b9f0
Faulting module name: MFMediaEngine.dll, version: 6.2.9200.16578, time stamp: 0x515f8daf
Exception code: 0xc0000005
Fault offset: 0x0001c3ff
Faulting process id: 0x590
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (09/15/2014 03:41:11 AM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (09/15/2014 03:41:11 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:41:01 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:40:37 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:40:30 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:40:27 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1068fdPHostUnavailable{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (09/15/2014 03:40:27 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1068fdPHostUnavailable{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/15/2014 03:40:22 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:38:48 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2014 03:38:22 AM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (09/15/2014 03:59:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/15/2014 03:44:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/15/2014 03:10:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-1073610729

Error: (09/15/2014 03:09:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-1073610729

Error: (09/13/2014 00:09:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dashboard.exe1.0.0.950f3ee01KERNELBASE.dll6.2.9200.16864531d2be6e043435200010f2222801cfcf087a405252C:\Program Files (x86)\Lenovo\Lenovo Dashboard\Dashboard.exeC:\windows\SYSTEM32\KERNELBASE.dllb7f4055b-3afb-11e4-bea8-0025ab39b88d

Error: (09/13/2014 00:09:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Dashboard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Dashboard_Desktop.App.Main()

Error: (09/13/2014 00:08:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dashboard.exe1.0.0.950f3ee01KERNELBASE.dll6.2.9200.16864531d2be6e043435200010f2289801cfcf08682074d7C:\Program Files (x86)\Lenovo\Lenovo Dashboard\Dashboard.exeC:\windows\SYSTEM32\KERNELBASE.dlla76e41b9-3afb-11e4-bea8-0025ab39b88d

Error: (09/13/2014 00:08:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Dashboard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Dashboard_Desktop.App.Main()

Error: (09/13/2014 00:03:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1705453d0b9f0MFMediaEngine.dll6.2.9200.16578515f8dafc00000050001c3ffbf801cfcf04c2db200aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MFMediaEngine.dllddd4607e-3afa-11e4-bea8-0025ab39b88d

Error: (09/12/2014 11:42:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1705453d0b9f0MFMediaEngine.dll6.2.9200.16578515f8dafc00000050001c3ff59001cfcf04a72c462fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MFMediaEngine.dllf9ec91f5-3af7-11e4-bea8-0025ab39b88d

CodeIntegrity Errors:
===================================
  Date: 2014-07-28 15:15:47.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 08:12:56.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-21 10:13:04.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-14 16:48:28.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 08:41:05.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-04 16:25:18.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-18 19:56:01.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 3982.1 MB
Available physical RAM: 1896.13 MB
Total Pagefile: 4686.1 MB
Available Pagefile: 2688.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:826.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DD207A68)

Partition: GPT Partition Type.

==================== End Of Log ============================


#9 joelbordeau

joelbordeau
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 15 September 2014 - 03:44 AM

Hi Marius, also I attempted the Gmer instructions again and got the same results that I posted on the 8/28 post.

Thanks again,

Joel



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 PM

Posted 15 September 2014 - 10:07 AM

Skip gmer, do the following instead:

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 joelbordeau

joelbordeau
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 18 September 2014 - 12:19 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-18 12:14:17
-----------------------------
12:14:17.607 OS Version: Windows x64 6.2.9200
12:14:17.607 Number of processors: 2 586 0x3A09
12:14:17.607 ComputerName: IDEA-PC UserName: Joel
12:14:19.888 Initialize success
12:14:19.919 VM: initialized successfully
12:14:19.951 VM: Intel CPU supported
12:14:22.880 VM: supported disk I/O storport.sys
12:35:30.459 AVAST engine defs: 14091702
12:44:01.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
12:44:01.653 Disk 0 Vendor: ST1000DM003-1CH162 CC56 Size: 953869MB BusType: 11
12:44:01.778 VM: Disk 0 MBR read successfully
12:44:01.778 Disk 0 MBR scan
12:44:01.809 Disk 0 unknown MBR code
12:44:01.825 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
12:44:01.887 Disk 0 scanning C:\windows\system32\drivers
12:44:16.745 Service scanning
12:44:38.668 Modules scanning
12:44:38.668 Disk 0 trace - called modules:
12:44:38.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
12:44:38.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800448d060]
12:44:38.699 3 CLASSPNP.SYS[fffff88001871e0a] -> nt!IofCallDriver -> [0xfffffa800429e920]
12:44:38.714 5 ACPI.sys[fffff8800115ea91] -> nt!IofCallDriver -> \Device\00000032[0xfffffa800429b060]
12:44:40.117 AVAST engine scan C:\windows
12:44:42.286 AVAST engine scan C:\windows\system32
12:48:29.812 AVAST engine scan C:\windows\system32\drivers
12:48:48.695 AVAST engine scan C:\Users\Joel
13:07:42.889 AVAST engine scan C:\ProgramData
13:09:49.016 Scan finished successfully
13:14:54.022 Disk 0 MBR has been saved successfully to "C:\Users\Joel\Desktop\MBR.dat"
13:14:54.022 The log file has been saved successfully to "C:\Users\Joel\Desktop\aswMBR.txt"


Thanks

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 PM

Posted 19 September 2014 - 04:17 AM

Are you using this software?

C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe



#13 joelbordeau

joelbordeau
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 21 September 2014 - 07:41 PM

no

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:53 PM

Posted 22 September 2014 - 05:27 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    ShopAtHome.com Helper
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

#15 joelbordeau

joelbordeau
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:53 PM

Posted 25 September 2014 - 02:23 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/25/2014
Scan Time: 2:46:19 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.25.09
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Joel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313063
Time Elapsed: 9 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Groovorio.A, C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.monorgism.com/", "http://groovorio.com/?f=7&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutC0EtA0EzzyEtBtAyDyE0CyC0AtA0AyDtN0D0Tzu0SzyyDyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0D0B0AyC0EyD0FtG0FtCtC0AtGyDtD0A0FtGtBtAyE0EtGyCyCtBtA0AyE0A0D0E0AtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzyyCtD0D0CtB0BtGyCtAzyyDtG0D0CyBzztG0E0A0A0EtGtAyCyByByBtA0BzytB0B0AtB2Q&cr=261891636&ir=" ],), Replaced,[f19410dfe992290de2505de315f04bb5]

Physical Sectors: 0
(No malicious items detected)


(end)


Hi Marius, I installed Revo Uninstaller and didn't find anything called ShopAtHome.com Helper, although I don't know if I was looking in the right place. The first screen that comes up that lists all the programs was where I was looking. Also, I don't know what you mean by FRST. Here is the log from MBAM. Thanks so much,

Joel
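The MBAM log in the post above flags a `startup_urls` list inside Chrome's `Preferences` file. As an added example (not part of the thread and not Malwarebytes' code), this Python script audits a Preferences JSON for startup URLs whose host is outside an allow-list and returns a cleaned copy; the allow-list, the sample file and all function names are assumptions, and the two flagged hosts are the ones in the log with their query strings dropped.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Chrome "Preferences" file. The first two URLs use the
# hosts from the MBAM log (query strings dropped); the third is a made-up start page.
SAMPLE_PREFERENCES = json.dumps({
    "browser": {"show_home_button": True},
    "session": {
        "startup_urls": [
            "http://www.monorgism.com/",
            "http://groovorio.com/",
            "https://mail.example.com/inbox",
        ],
    },
})

# Assumption: hosts the machine's owner deliberately set as start pages.
ALLOWED_HOSTS = {"mail.example.com"}


def find_startup_urls(node, path=""):
    """Yield (json_path, url) for every 'startup_urls' list at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "startup_urls" and isinstance(value, list):
                for url in value:
                    if isinstance(url, str):
                        yield child, url
            else:
                yield from find_startup_urls(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_startup_urls(item, f"{path}[{index}]")


def host_allowed(host, allowed):
    """True if host equals an allowed host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_preferences(text, allowed=ALLOWED_HOSTS):
    """Return one finding per startup URL that is malformed or not allow-listed."""
    try:
        prefs = json.loads(text)
    except json.JSONDecodeError as exc:
        return [{"path": "", "url": "", "host": "", "reason": f"unparseable: {exc.msg}"}]
    findings = []
    for path, url in find_startup_urls(prefs):
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:
            findings.append({"path": path, "url": url, "host": "", "reason": "malformed URL"})
            continue
        if parts.scheme not in ("http", "https"):
            reason = "non-web scheme"
        elif not host_allowed(host, allowed):
            reason = "host not in allow-list"
        else:
            continue
        findings.append({"path": path, "url": url, "host": host, "reason": reason})
    return findings


def remove_flagged(text, allowed=ALLOWED_HOSTS):
    """Return Preferences JSON text with flagged startup URLs removed (no file is written)."""
    prefs = json.loads(text)
    bad = {f["url"] for f in audit_preferences(text, allowed)}

    def scrub(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "startup_urls" and isinstance(value, list):
                    node[key] = [u for u in value if u not in bad]
                else:
                    scrub(value)
        elif isinstance(node, list):
            for item in node:
                scrub(item)

    scrub(prefs)
    return json.dumps(prefs, indent=2)


if __name__ == "__main__":
    for f in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{f['path']}: {f['url']} ({f['reason']})")
    print(remove_flagged(SAMPLE_PREFERENCES))
```

Run it against a copy of the profile's Preferences file, with the browser closed, and review the findings before replacing anything.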



