ComSurrogate and Malware Whack-a-Mole


  • This topic is locked
57 replies to this topic

#1 GrayAnderson


  • Members
  • 39 posts

Posted 13 October 2014 - 09:47 PM

I've been having an issue with a bit of Malware (at least, as far as I can tell).  The issue is, quite bluntly, that I know something is off but my Malware detection software (I have, in the last week, attempted to use Windows Defender, Spybot S&D, and Malwarebytes to no avail).  It initially manifested as a flood of "ComSurrogate" instances, but it has transitioned to acting somewhat differently (I'll shut down all the instances in an attempt to keep my system running).

 

I have managed to intermittently neutralize the process that was locking my system up, but only by using a "dirty trick": I've got some old install files that I'll copy, rename, insert in lieu of the "trouble" file, and then kill all permissions on.  The trouble program attempts to execute the file (which is now benign...my computer promptly starts trying to install Prime Minister Forever-Australia), and when I kick in the permission lock it stops even doing this.

 

Over the weekend, the file which manifested as a "trouble spot" was named "odavgu.exe"; I neutralized this Saturday night.  Tonight, I got to deal with one named "gvvvmpjnqcrb" (I suspect also a .exe) that was masquerading as Google Chrome.  That one was obviously a fake: I've never used Chrome...so the Malware got to try and control a parliamentary election again.

 

So...what do I do with this royal mess?


Edited by Budapest, 14 October 2014 - 01:24 AM.
Moved from AII ~Budapest



 


#2 Naathim


    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 14 October 2014 - 12:57 AM

Hi :)

 

This is an infection we won't deal with in this forum, because we need specialized tools that we use only in the Malware Removal Logs section. I am asking for this thread to be moved to the appropriate section and we will go from there :)


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#3 Naathim


    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 14 October 2014 - 01:28 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

Analysis and research take some time, and sometimes real life gets in the way, so please be patient.
Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
Paste the logs in your posts; attachments make my work harder and more complicated.
Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

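As an added example (not FRST's code and not part of anyone's post in this thread), here is a small Python triage of the "Registry (Whitelisted)" and "Internet (Whitelisted)" lines that the FRST.txt produced by the scan above contains. The sample lines are copied from the log quoted later in this thread, with FRST's own "<===" annotations and the obfuscated script body left out; the flag names and heuristics are this example's own.

```python
"""Triage heuristics for the autostart and proxy lines in an FRST.txt report.

Added example for this thread; it is not part of FRST or of anyone's post here.
It encodes the checks a malware-removal helper applies by eye to the
'Registry (Whitelisted)' and 'Internet (Whitelisted)' sections: where the
target lives, whether FRST could attribute it to a publisher, and whether
the launcher itself is a living-off-the-land persistence pattern.
"""
import ipaddress
import re

# Constructed sample, copied from FRST lines quoted later in this thread with
# FRST's own "<===" annotations and the obfuscated script body left out.
SAMPLE_LINES = [
    r"HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)",
    r"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)",
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Xakiugew] => "C:\Users\William\AppData\Roaming\Lihagav\odavgu.exe"',
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Pdqcbzlseel] => regsvr32.exe /s "C:\Users\William\AppData\Local\Temp\jedmxtp.dll"',
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication "...',
    r"ProxyServer: 185.53.168.36:7808",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1",
]

# "key: [name] => command ..." -- name and arrow are absent on CLSID localserver32 lines.
ENTRY_RE = re.compile(r"^(?P<key>[^:]+?):\s*(?:\[(?P<name>[^\]]*)\]\s*=>\s*)?(?P<cmd>.+)$")
# FRST appends "(Publisher)" when it can read version info from the target file.
PUBLISHER_RE = re.compile(r"\(([^()]+)\)+\s*$")
# Directories any standard user can write to; legitimate autostarts rarely live there.
WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def triage_line(line: str) -> list[str]:
    """Return the heuristic flags raised for one FRST line ([] means unremarkable)."""
    line = line.strip()
    if line.startswith("ProxyServer:"):
        # A system-wide proxy pointing at a public address routes all browser traffic elsewhere.
        host = line.split(":", 1)[1].strip().rsplit(":", 1)[0]
        try:
            return ["proxy-external"] if ipaddress.ip_address(host).is_global else ["proxy-set"]
        except ValueError:  # hostname rather than an IP literal
            return ["proxy-set"]
    m = ENTRY_RE.match(line)
    if not m or ("=>" not in line and not m["key"].lower().endswith("localserver32")):
        return []  # not an autostart entry
    cmd, lower = m["cmd"], m["cmd"].lower()
    flags = []
    if "rundll32" in lower and "javascript:" in lower:
        # Script run straight out of a registry value: no file on disk for a scanner to find.
        flags.append("fileless-script-launcher")
    if lower.startswith("regsvr32") and "\\temp\\" in lower:
        flags.append("regsvr32-temp-dll")
    if any(d in lower for d in WRITABLE_DIRS):
        flags.append("user-writable-path")
    if not PUBLISHER_RE.search(cmd):
        flags.append("no-publisher")
    return flags


def triage(lines) -> dict[str, list[str]]:
    """Map each flagged line to its flags, skipping lines that raise none."""
    result = {}
    for line in lines:
        flags = triage_line(line)
        if flags:
            result[line.strip()] = flags
    return result


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LINES).items():
        print(", ".join(flags).ljust(55), entry[:90])
```

Flags are a prompt for a human to look closer, not a verdict; a legitimate updater in AppData will also trip "user-writable-path".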


#4 GrayAnderson

  • Topic Starter

  • Members
  • 39 posts

Posted 14 October 2014 - 02:21 AM

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gray (administrator) on VAL on 14-10-2014 03:11:14
Running from C:\Users\William\Downloads
Loaded Profiles: UpdatusUser & Gray (Available profiles: UpdatusUser & Gray)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(America Online, Inc.) C:\Program Files (x86)\AIM\aim.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Intel\IntelAppStore\bin\ismShutdownTool.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [AIM] => C:\Program Files (x86)\AIM\aim.exe [67160 2005-08-03] (America Online, Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Xakiugew] => "C:\Users\William\AppData\Roaming\Lihagav\odavgu.exe"
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Pdqcbzlseel] => regsvr32.exe /s "C:\Users\William\AppData\Local\Temp\jedmxtp.dll" <===== ATTENTION
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe [814984 2013-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {80cda95e-e7cf-11e3-be8f-c3551cdb5d57} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {8caed73d-f13e-11e2-be75-2cd05ac84332} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d42194c8-1548-11e4-be91-fc1d330186bc} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d583a6d6-bb9d-11e3-be8d-ed366a99fd62} - "F:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 185.53.168.36:7808
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
SearchScopes: HKCU - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472}: [NameServer] 192.168.100.1,68.10.16.30

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 03:11 - 2014-10-14 03:12 - 00021637 _____ () C:\Users\William\Downloads\FRST.txt
2014-10-14 03:10 - 2014-10-14 03:11 - 00000000 ____D () C:\FRST
2014-10-14 03:10 - 2014-10-14 03:10 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64(1).exe
2014-10-14 03:10 - 2014-10-14 03:10 - 01101824 _____ (Farbar) C:\Users\William\Downloads\FRST.exe
2014-10-14 03:03 - 2014-10-14 03:03 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2014-10-13 22:33 - 2013-09-17 13:57 - 07890786 _____ (270soft.com ) C:\Users\William\gvvvmpjnqcrb.exe
2014-10-13 09:45 - 2014-10-13 09:46 - 00302088 _____ () C:\windows\Minidump\101314-22500-01.dmp
2014-10-13 09:44 - 2014-10-13 09:44 - 00002560 _____ () C:\Users\William\AppData\Local\AFF56F8E.exe
2014-10-11 01:00 - 2014-10-11 01:00 - 00000005 _____ () C:\Users\William\Documents\odavgu.exe.txt
2014-10-10 23:09 - 2014-10-11 01:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 23:08 - 2014-10-10 23:08 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-10 23:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-10 23:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-10 22:55 - 2014-10-10 23:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-10 22:55 - 2014-10-10 22:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-10 22:55 - 2014-10-10 22:55 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-10 22:55 - 2014-10-10 22:55 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-10 22:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-10-10 22:53 - 2014-10-10 22:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\William\Desktop\spybot-2-4.exe
2014-10-10 22:52 - 2014-10-10 22:52 - 00367456 _____ () C:\Users\William\Downloads\SoftonicDownloader_for_spybot-search-destroy.exe
2014-10-10 22:41 - 2014-10-11 01:05 - 00000000 ____D () C:\Users\William\AppData\Roaming\Lihagav
2014-10-10 19:03 - 2014-10-10 19:34 - 00000000 ____D () C:\Users\William\AppData\Roaming\Uwypxah
2014-10-10 01:50 - 2014-10-10 01:50 - 00081408 _____ () C:\Users\William\AppData\Roaming\ftbmt.dll
2014-10-10 01:50 - 2014-10-10 01:50 - 00004028 _____ () C:\windows\System32\Tasks\{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13}
2014-10-10 01:50 - 2014-10-10 01:50 - 00000000 _____ () C:\Users\William\AppData\Roaming\abmkk.dll
2014-10-10 01:47 - 2014-10-10 18:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-05 04:28 - 2014-10-05 04:29 - 00301944 _____ () C:\windows\Minidump\100514-42062-01.dmp
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 22:30 - 2014-10-13 09:45 - 677069092 _____ () C:\windows\MEMORY.DMP
2014-10-02 22:30 - 2014-10-13 09:45 - 00000000 ____D () C:\windows\Minidump
2014-10-02 22:30 - 2014-10-02 22:30 - 00301792 _____ () C:\windows\Minidump\100214-48640-01.dmp
2014-09-30 21:08 - 2014-09-30 21:08 - 00000085 ____H () C:\Users\William\Documents\.~lock.Precinct Captains Nov 4th 2014.xlsx#
2014-09-30 21:07 - 2014-10-13 05:25 - 00000085 ____H () C:\Users\William\Documents\.~lock.Stock File 2014-08-19.xls#
2014-09-30 10:59 - 2014-09-30 10:59 - 00027800 _____ () C:\Users\William\Documents\Precinct Captains Nov 4th 2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 03:10 - 2013-07-20 10:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Skype
2014-10-14 03:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-14 01:23 - 2013-04-11 12:23 - 01306386 _____ () C:\windows\WindowsUpdate.log
2014-10-14 00:02 - 2013-07-20 17:49 - 00000000 ____D () C:\Users\William\AppData\Local\CrashDumps
2014-10-13 22:33 - 2013-07-19 18:21 - 00000000 ____D () C:\Users\William
2014-10-13 20:38 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-13 13:25 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-13 13:24 - 2013-04-11 13:16 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-10-13 13:21 - 2013-07-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-13 09:45 - 2012-10-09 19:08 - 00019880 _____ () C:\windows\PFRO.log
2014-10-13 09:45 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-13 02:22 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-11 00:46 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-10 22:37 - 2013-08-15 23:07 - 00000000 ____D () C:\Users\William\AppData\Local\Cyberlink
2014-10-10 01:50 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-10-07 23:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-05 00:40 - 2014-05-21 22:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\quassel-irc.org
2014-10-04 19:16 - 2013-08-19 01:27 - 00635904 ___SH () C:\Users\William\Documents\Thumbs.db
2014-10-02 22:54 - 2014-03-24 01:10 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 22:54 - 2013-07-20 10:00 - 00000000 ____D () C:\ProgramData\Skype
2014-10-02 22:52 - 2014-01-27 02:00 - 00008704 ___SH () C:\Users\William\Desktop\Thumbs.db
2014-09-29 12:33 - 2013-07-19 18:23 - 00000000 ____D () C:\Users\William\Documents\Bluetooth Folder
2014-09-23 17:14 - 2013-07-20 11:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-22 04:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-22 02:42 - 2013-08-20 05:00 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\Lenovo-13720.vbs
C:\Users\William\gvvvmpjnqcrb.exe


Some content of TEMP:
====================
C:\Users\William\AppData\Local\Temp\AOLUserShell.dll
C:\Users\William\AppData\Local\Temp\ComponentMgr.dll
C:\Users\William\AppData\Local\Temp\jedmxtp.dll
C:\Users\William\AppData\Local\Temp\JpegReader.dll
C:\Users\William\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\William\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\William\AppData\Local\Temp\Mts3Reader.dll
C:\Users\William\AppData\Local\Temp\SceneComponent.dll
C:\Users\William\AppData\Local\Temp\siinst.exe
C:\Users\William\AppData\Local\Temp\SreeDMMX.dll
C:\Users\William\AppData\Local\Temp\strings.dll
C:\Users\William\AppData\Local\Temp\SWFView.dll
C:\Users\William\AppData\Local\Temp\VMPVideo.dll
C:\Users\William\AppData\Local\Temp\VMPVideo2.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-04 04:08

==================== End Of Log ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Gray at 2014-10-14 03:13:06
Running from C:\Users\William\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bigasoft Total Video Converter 4.2.8.5275 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Crusader Kings II version 1.111 (HKLM-x32\...\{A30269D0-4F0B-44BB-A169-C665CA856EEC}}_is1) (Version: 1.111 - Paradox Interactive)
Deus Vult (HKLM-x32\...\Deus Vult_is1) (Version:  - GamersGate)
D-Fend Reloaded 1.3.5 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.5 - Alexander Herzog)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Galcon Fusion (HKLM-x32\...\Steam App 44200) (Version:  - Hassey Enterprises, Inc.)
Galcon Legends (HKLM-x32\...\Steam App 201040) (Version:  - Hassey Enterprises, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobility (HKLM-x32\...\{65FA1A98-BB92-4DA3-9D62-D1F0281F030A}) (Version: 3.02 - )
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version:  - )
NarcoGuerra version 1.0 (HKLM-x32\...\{0071FACA-5E9B-4CE9-9F89-3D99F5FB175E}_is1) (Version: 1.0 - Auroch Digital)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
President Forever 2016 - v. 1.6.2 (HKLM-x32\...\P4E16_is1) (Version:  - 270soft.com)
Prime Minister Forever - Australia 2013 - v. 1.4.8 (HKLM-x32\...\PM4E_AUS_2013_is1) (Version:  - 270soft.com)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.10.0-1 - KDE)
Race To Mars (HKLM-x32\...\Steam App 257930) (Version:  - INTERMARUM)
Railroad Tycoon 2: Platinum (HKLM-x32\...\Steam App 7620) (Version:  - PopTop)
Railroad Tycoon 3 (HKLM-x32\...\Steam App 7610) (Version:  - PopTop)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
SimCity 2000 Special Edition (HKLM-x32\...\GOGPACKSIMCITY2000_is1) (Version: 2.0.0.14 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.4 - Kathleen MacMahon)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TripleA Version 1_8_0_3 (HKLM-x32\...\TripleAVersion1_8_0_3) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2691411101-4239032498-4200853137-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

25-09-2014 07:30:49 Scheduled Checkpoint
02-10-2014 09:59:27 Scheduled Checkpoint
12-10-2014 01:59:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1482C4C7-3E0D-443E-933B-5DC77B3CA2F9} - System32\Tasks\Lenovo\Lenovo-13720 => C:\ProgramData\Lenovo-13720.vbs [2013-04-11] ()
Task: {17DD4961-34C0-4F19-A3ED-8F80E8330156} - System32\Tasks\{D70A3632-3EEB-43F5-98F4-253E8C207A36} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7AA5-F952-4BC8-A5F5-24281D4D7A62} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {2B3C2BDF-86CE-4704-9B1C-AC3A353DC8E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {2D5E6350-5607-4CD9-9FA8-103F29153BB5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {43D3DD3B-DDA0-4366-A37D-DB8ABBF156C7} - System32\Tasks\{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13} => C:\Users\William\AppData\Roaming\ftbmt.dll [2014-10-10] ()
Task: {5C9BF8D4-BC2F-42E1-BE69-C15697134C03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A43A672C-C5A5-4EA2-B60F-2C94817BF3C9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A56DDD16-88B0-4A28-A86D-F31E83EF361C} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BF19960C-949A-43F2-94BC-14D453A388E9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C921C5D7-35CB-4AB8-8BFD-2D11AB75DE3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {E5D773C2-0149-48AE-9A90-67BF637BC4C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFE60152-D9AC-40C1-BA13-2DB3F331C0DF} - \Security Center Update - 3645148669 No Task File <==== ATTENTION
Task: {F6F7EF5C-99CE-4297-943D-147132DEB2F5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

==================== Loaded Modules (whitelisted) =============

2013-12-16 08:30 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-11 12:43 - 2013-11-11 11:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 14:23 - 2012-08-31 15:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-08-22 12:51 - 2012-08-31 15:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-04-11 13:12 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-13 20:19 - 2013-02-05 01:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-11 13:20 - 2012-07-12 08:59 - 00178016 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\ismShutdownTool.exe
2013-08-22 12:51 - 2012-08-31 15:03 - 00373760 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2013-08-22 12:51 - 2012-08-31 15:02 - 01038336 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-08-22 12:51 - 2012-08-31 15:03 - 03034112 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2014-10-10 22:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-10 22:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-10 22:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-10 22:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-10 22:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-04-11 12:36 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-06 23:52 - 2013-12-06 23:52 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-11 12:42 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 11:20 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-10 02:04 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 20:56 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-20 16:48 - 2005-08-03 14:21 - 00110592 _____ () C:\Program Files (x86)\AIM\AIM_xmlp.dll
2013-07-20 16:48 - 2005-06-16 20:46 - 00081920 _____ () C:\Program Files (x86)\AIM\AIMToday.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00013312 _____ () C:\Program Files (x86)\AIM\oscres.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00053248 _____ () C:\Program Files (x86)\AIM\xmlparse.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00081920 _____ () C:\Program Files (x86)\AIM\xmltok.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00106496 _____ () C:\Program Files (x86)\AIM\AIMAX.dll
2013-07-20 16:48 - 2005-08-03 14:27 - 00006656 _____ () C:\Program Files (x86)\AIM\stats.ocm
2013-07-20 16:48 - 2004-08-18 16:56 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00229376 _____ () C:\Program Files (x86)\AIM\inetsocket.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-07-09 16:45 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-04-11 13:20 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-08-30 09:10 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2691411101-4239032498-4200853137-500 - Administrator - Disabled)
Gray (S-1-5-21-2691411101-4239032498-4200853137-1002 - Administrator - Enabled) => C:\Users\William
Guest (S-1-5-21-2691411101-4239032498-4200853137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2691411101-4239032498-4200853137-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2691411101-4239032498-4200853137-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2014 00:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1acb0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 11:54:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061233
Faulting process id: 0x1a6c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 11:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x19fe8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 11:46:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1a660
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 11:39:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1920c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 11:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x186a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 10:33:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (10/13/2014 10:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x134dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 10:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061252
Faulting process id: 0x103f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/13/2014 10:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x15994
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5


System errors:
=============
Error: (10/14/2014 00:41:48 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (10/13/2014 10:58:49 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:58:19 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:57:48 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:57:17 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:56:47 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:56:16 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:55:45 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:55:15 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/13/2014 10:54:44 PM) (Source: DCOM) (EventID: 10010) (User: Val)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (10/14/2014 00:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612061acb001cfe7639a866b01C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld96ccc96-5356-11e4-be98-fc9a3af5641c

Error: (10/13/2014 11:54:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612331a6c801cfe7629e16355aC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllddd62be1-5355-11e4-be98-fc9a3af5641c

Error: (10/13/2014 11:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c00000050006120619fe801cfe7628b38a76bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllcae400ff-5355-11e4-be98-fc9a3af5641c

Error: (10/13/2014 11:46:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612061a66001cfe7615c6d1f00C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll9cc24b09-5354-11e4-be98-fc9a3af5641c

Error: (10/13/2014 11:39:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612061920c01cfe7606c739426C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllad588d61-5353-11e4-be98-fc9a3af5641c

Error: (10/13/2014 11:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c000000500061206186a401cfe76046432de0C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll84b1613a-5353-11e4-be98-fc9a3af5641c

Error: (10/13/2014 10:33:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\William\Downloads\SoftonicDownloader_for_spybot-search-destroy.exe

Error: (10/13/2014 10:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c000000500061206134dc01cfe7562f85a1a6C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll6de75366-5349-11e4-be98-fc9a3af5641c

Error: (10/13/2014 10:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c000000500061252103f801cfe7562c66ea41C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll6aeccbf9-5349-11e4-be98-fc9a3af5641c

Error: (10/13/2014 10:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612061599401cfe7562be94078C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll6a662002-5349-11e4-be98-fc9a3af5641c


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 8057.77 MB
Available physical RAM: 2180.1 MB
Total Pagefile: 16249.77 MB
Available Pagefile: 8286.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:734.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6782BBF7)

Partition: GPT Partition Type.

==================== End Of Log ============================

=========================================================

I feel compelled to note: The instance of:

C:\Users\William\gvvvmpjnqcrb.exe

Is not, in fact, the "problem" file.  It is one of the renamed files I used to sub in to help frustrate the Malware.

Edit: Also...cute avatar;)  Tell me what to do next when you get a chance; I will let you know if/when I anticipate any gaps in being around-ish.


Edited by GrayAnderson, 14 October 2014 - 02:23 AM.


#5 Naathim (Bleepin' Minion)

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 14 October 2014 - 02:31 AM

You can't "frustrate" it. Your machine is pretty heavily infected and it will take some time to restore its normal functionality.



Backdoor warning!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:

  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would be also wise to inform financial institutions about your situation - see here.

Many experts believe that the best action should be reformat and reinstall, but I think that we can still be able to clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).

  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps directed.

I believe that we can kill this nasty bad guy

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

This is optional, but please consider it. At least until we are clean, because SpyBot is able to hinder the removal process.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CloseProcesses:
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Xakiugew] => "C:\Users\William\AppData\Roaming\Lihagav\odavgu.exe"
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Pdqcbzlseel] => regsvr32.exe /s "C:\Users\William\AppData\Local\Temp\jedmxtp.dll" <===== ATTENTION
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {80cda95e-e7cf-11e3-be8f-c3551cdb5d57} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {8caed73d-f13e-11e2-be75-2cd05ac84332} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d42194c8-1548-11e4-be91-fc1d330186bc} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d583a6d6-bb9d-11e3-be8d-ed366a99fd62} - "F:\MotorolaDeviceManagerSetup.exe" -a
    HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
    2014-10-13 22:33 - 2013-09-17 13:57 - 07890786 _____ (270soft.com ) C:\Users\William\gvvvmpjnqcrb.exe
    2014-10-11 01:00 - 2014-10-11 01:00 - 00000005 _____ () C:\Users\William\Documents\odavgu.exe.txt
    2014-10-13 09:44 - 2014-10-13 09:44 - 00002560 _____ () C:\Users\William\AppData\Local\AFF56F8E.exe
    2014-10-10 22:41 - 2014-10-11 01:05 - 00000000 ____D () C:\Users\William\AppData\Roaming\Lihagav
    2014-10-10 19:03 - 2014-10-10 19:34 - 00000000 ____D () C:\Users\William\AppData\Roaming\Uwypxah
    2014-10-10 01:50 - 2014-10-10 01:50 - 00081408 _____ () C:\Users\William\AppData\Roaming\ftbmt.dll
    2014-10-10 01:50 - 2014-10-10 01:50 - 00004028 _____ () C:\windows\System32\Tasks\{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13}
    2014-10-10 01:50 - 2014-10-10 01:50 - 00000000 _____ () C:\Users\William\AppData\Roaming\abmkk.dll
    C:\Users\William\gvvvmpjnqcrb.exe
    CustomCLSID: HKU\S-1-5-21-2691411101-4239032498-4200853137-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    EmptyTemp:
    Hosts:
    Task: {EFE60152-D9AC-40C1-BA13-2DB3F331C0DF} - \Security Center Update - 3645148669 No Task File <==== ATTENTION
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 

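An added triage helper, written for this thread rather than taken from Naathim's post or from FRST itself: it scans FRST-style log lines for the kinds of entries the fixlist above targets (a per-user CLSID LocalServer32 value pointing at rundll32.exe javascript:, a Run value that silently regsvr32-registers a DLL from Temp, a Run value launching an .exe under AppData\Roaming, a scheduled task whose file is gone, and MountPoints2 autorun leftovers) and decodes the shift-by-one encoding in the LocalServer32 eval() fragment so an analyst can read what it is. The rule names and regular expressions are this example's own choices, not FRST's whitelist or detection logic; the sample lines are copied from the fixlist above (cut where FRST cut them), plus one benign HKLM Run entry from the scan for contrast.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code).

Flags the kinds of persistence entries the fixlist above removes and decodes
the shift-by-one obfuscation seen in the CLSID LocalServer32 value.
"""
import re

# Rule names and patterns are this example's own choices, modelled on the
# entries in the fixlist; they are not FRST's whitelist or detection logic.
RULES = [
    # Per-user COM server whose "executable" is a rundll32 javascript: URL
    ("clsid-localserver32-script",
     re.compile(r"localserver32.*rundll32\.exe\s+javascript:", re.I)),
    # mshtml,RunHTMLApplication is the host that makes such a URL run
    ("clsid-localserver32-mshtml",
     re.compile(r"mshtml,RunHTMLApplication", re.I)),
    # Run value that silently registers a DLL dropped in a Temp folder
    ("run-regsvr32-temp-dll",
     re.compile(r'\\Run:.*regsvr32\.exe\s+/s\s+"[^"]*\\Temp\\[^"]*\.dll"', re.I)),
    # Run value launching an executable from the roaming profile. Legitimate
    # per-user installs live there too: a prompt to check the publisher, not a verdict.
    ("run-appdata-roaming-exe",
     re.compile(r'\\Run:.*"[^"]*\\AppData\\Roaming\\[^"]*\.exe"', re.I)),
    # Scheduled task whose backing file is already gone
    ("task-missing-file",
     re.compile(r"^Task:.*No Task File", re.I)),
    # Removable-media autorun leftovers: low confidence, review rather than delete
    ("mountpoints2-autorun",
     re.compile(r"MountPoints2:.*ShellExec_RunDLL", re.I)),
]

# Sample input: lines copied from the fixlist above (truncated where FRST
# truncated them) plus one benign HKLM Run entry from the scan.
SAMPLE_LOG = [
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Xakiugew] => "C:\Users\William\AppData\Roaming\Lihagav\odavgu.exe"',
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Pdqcbzlseel] => regsvr32.exe /s "C:\Users\William\AppData\Local\Temp\jedmxtp.dll" <===== ATTENTION',
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {80cda95e-e7cf-11e3-be8f-c3551cdb5d57} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe',
    r'HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!',
    r'HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)',
    r'Task: {EFE60152-D9AC-40C1-BA13-2DB3F331C0DF} - \Security Center Update - 3645148669 No Task File <==== ATTENTION',
]


def flag_line(line):
    """Return the names of every rule that matches one FRST log line."""
    return [name for name, rx in RULES if rx.search(line)]


def triage(lines):
    """Return [(matched_rule_names, line)] for every line hitting a rule."""
    hits = []
    for raw in lines:
        line = raw.strip()
        names = flag_line(line)
        if names:
            hits.append((names, line))
    return hits


# The eval() argument in the LocalServer32 value; FRST's truncation note
# follows a space, so stop at the first whitespace.
SHIFTED_PAYLOAD_RE = re.compile(r'eval\("(\S+)')


def deobfuscate_shift1(text):
    """Undo the shift-by-one encoding: each character was stored as the next one."""
    return "".join(chr(ord(c) - 1) for c in text)


def decode_localserver32(line):
    """Return the decoded eval(...) fragment of a LocalServer32 entry, or None."""
    m = SHIFTED_PAYLOAD_RE.search(line)
    return deobfuscate_shift1(m.group(1)) if m else None


if __name__ == "__main__":
    for names, line in triage(SAMPLE_LOG):
        print(", ".join(names), "::", line[:90])
        decoded = decode_localserver32(line)
        if decoded:
            print("    decoded eval() fragment:", decoded)
```

Decoding the visible fragment gives `document.write('<script language=jscr`, which is consistent with the Poweliks tag in the fixlist: the registry value itself is a script launcher, so there is no file on disk for a signature scanner to find, and the CLSID key has to be removed rather than a binary. The MountPoints2 rule is deliberately low confidence, since those entries are normally left behind by removable-media installers.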


#6 GrayAnderson (Topic Starter)

  • Members
  • 39 posts

Posted 14 October 2014 - 11:29 AM

Ok, going in order:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Gray at 2014-10-14 03:58:57 Run:1
Running from C:\Users\William\Downloads
Loaded Profiles: UpdatusUser & Gray (Available profiles: UpdatusUser & Gray)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Xakiugew] => "C:\Users\William\AppData\Roaming\Lihagav\odavgu.exe"
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Pdqcbzlseel] => regsvr32.exe /s "C:\Users\William\AppData\Local\Temp\jedmxtp.dll" <===== ATTENTION
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {80cda95e-e7cf-11e3-be8f-c3551cdb5d57} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {8caed73d-f13e-11e2-be75-2cd05ac84332} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d42194c8-1548-11e4-be91-fc1d330186bc} - "C:\windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\MountPoints2: {d583a6d6-bb9d-11e3-be8d-ed366a99fd62} - "F:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
2014-10-13 22:33 - 2013-09-17 13:57 - 07890786 _____ (270soft.com ) C:\Users\William\gvvvmpjnqcrb.exe
2014-10-11 01:00 - 2014-10-11 01:00 - 00000005 _____ () C:\Users\William\Documents\odavgu.exe.txt
2014-10-13 09:44 - 2014-10-13 09:44 - 00002560 _____ () C:\Users\William\AppData\Local\AFF56F8E.exe
2014-10-10 22:41 - 2014-10-11 01:05 - 00000000 ____D () C:\Users\William\AppData\Roaming\Lihagav
2014-10-10 19:03 - 2014-10-10 19:34 - 00000000 ____D () C:\Users\William\AppData\Roaming\Uwypxah
2014-10-10 01:50 - 2014-10-10 01:50 - 00081408 _____ () C:\Users\William\AppData\Roaming\ftbmt.dll
2014-10-10 01:50 - 2014-10-10 01:50 - 00004028 _____ () C:\windows\System32\Tasks\{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13}
2014-10-10 01:50 - 2014-10-10 01:50 - 00000000 _____ () C:\Users\William\AppData\Roaming\abmkk.dll
C:\Users\William\gvvvmpjnqcrb.exe
CustomCLSID: HKU\S-1-5-21-2691411101-4239032498-4200853137-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
Hosts:
Task: {EFE60152-D9AC-40C1-BA13-2DB3F331C0DF} - \Security Center Update - 3645148669 No Task File <==== ATTENTION
end
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Xakiugew => value deleted successfully.
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Pdqcbzlseel => value deleted successfully.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80cda95e-e7cf-11e3-be8f-c3551cdb5d57}" => Key deleted successfully.
"HKCR\CLSID\{80cda95e-e7cf-11e3-be8f-c3551cdb5d57}" => Key not found.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8caed73d-f13e-11e2-be75-2cd05ac84332}" => Key deleted successfully.
"HKCR\CLSID\{8caed73d-f13e-11e2-be75-2cd05ac84332}" => Key not found.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d42194c8-1548-11e4-be91-fc1d330186bc}" => Key deleted successfully.
"HKCR\CLSID\{d42194c8-1548-11e4-be91-fc1d330186bc}" => Key not found.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d583a6d6-bb9d-11e3-be8d-ed366a99fd62}" => Key deleted successfully.
"HKCR\CLSID\{d583a6d6-bb9d-11e3-be8d-ed366a99fd62}" => Key not found.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => Key deleted successfully.
C:\Users\William\gvvvmpjnqcrb.exe => Moved successfully.
C:\Users\William\Documents\odavgu.exe.txt => Moved successfully.
C:\Users\William\AppData\Local\AFF56F8E.exe => Moved successfully.
C:\Users\William\AppData\Roaming\Lihagav => Moved successfully.
C:\Users\William\AppData\Roaming\Uwypxah => Moved successfully.
C:\Users\William\AppData\Roaming\ftbmt.dll => Moved successfully.
C:\windows\System32\Tasks\{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13} => Moved successfully.
Could not move "C:\Users\William\AppData\Roaming\abmkk.dll" => Scheduled to move on reboot.
"C:\Users\William\gvvvmpjnqcrb.exe" => File/Directory not found.
"HKU\S-1-5-21-2691411101-4239032498-4200853137-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE60152-D9AC-40C1-BA13-2DB3F331C0DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE60152-D9AC-40C1-BA13-2DB3F331C0DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3645148669" => Key deleted successfully.
EmptyTemp: => Removed 14.3 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-14 12:19:27)<=

C:\Users\William\AppData\Roaming\abmkk.dll => Is moved successfully.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gray (administrator) on VAL on 14-10-2014 12:27:19
Running from C:\Users\William\Downloads
Loaded Profiles: UpdatusUser & Gray (Available profiles: UpdatusUser & Gray)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(America Online, Inc.) C:\Program Files (x86)\AIM\aim.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [AIM] => C:\Program Files (x86)\AIM\aim.exe [67160 2005-08-03] (America Online, Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 185.53.168.36:7808
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
SearchScopes: HKCU - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472}: [NameServer] 192.168.100.1,68.10.16.30

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 03:53 - 2014-10-14 03:54 - 00000085 _____ () C:\windows\wininit.ini
2014-10-14 03:27 - 2014-10-14 03:27 - 00000085 ____H () C:\Users\William\Documents\.~lock.Stock File 2014-08-19.xls#
2014-10-14 03:13 - 2014-10-14 03:13 - 00035854 _____ () C:\Users\William\Downloads\Addition.txt
2014-10-14 03:11 - 2014-10-14 12:27 - 00018343 _____ () C:\Users\William\Downloads\FRST.txt
2014-10-14 03:10 - 2014-10-14 12:27 - 00000000 ____D () C:\FRST
2014-10-14 03:10 - 2014-10-14 03:10 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64(1).exe
2014-10-14 03:10 - 2014-10-14 03:10 - 01101824 _____ (Farbar) C:\Users\William\Downloads\FRST.exe
2014-10-14 03:03 - 2014-10-14 03:03 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2014-10-13 09:45 - 2014-10-13 09:46 - 00302088 _____ () C:\windows\Minidump\101314-22500-01.dmp
2014-10-10 23:09 - 2014-10-11 01:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 23:08 - 2014-10-10 23:08 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-10 23:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-10 23:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-10 22:55 - 2014-10-14 06:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-10 22:55 - 2014-10-14 03:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-10-10 22:53 - 2014-10-10 22:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\William\Desktop\spybot-2-4.exe
2014-10-10 22:52 - 2014-10-10 22:52 - 00367456 _____ () C:\Users\William\Downloads\SoftonicDownloader_for_spybot-search-destroy.exe
2014-10-10 01:47 - 2014-10-10 18:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-05 04:28 - 2014-10-05 04:29 - 00301944 _____ () C:\windows\Minidump\100514-42062-01.dmp
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 22:30 - 2014-10-13 09:45 - 677069092 _____ () C:\windows\MEMORY.DMP
2014-10-02 22:30 - 2014-10-13 09:45 - 00000000 ____D () C:\windows\Minidump
2014-10-02 22:30 - 2014-10-02 22:30 - 00301792 _____ () C:\windows\Minidump\100214-48640-01.dmp
2014-09-30 21:08 - 2014-09-30 21:08 - 00000085 ____H () C:\Users\William\Documents\.~lock.Precinct Captains Nov 4th 2014.xlsx#
2014-09-30 10:59 - 2014-09-30 10:59 - 00027800 _____ () C:\Users\William\Documents\Precinct Captains Nov 4th 2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 12:23 - 2013-07-20 10:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Skype
2014-10-14 12:23 - 2013-04-11 12:23 - 01420220 _____ () C:\windows\WindowsUpdate.log
2014-10-14 12:23 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-14 12:22 - 2013-07-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-14 12:22 - 2013-04-11 13:16 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-10-14 12:22 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-14 12:20 - 2014-01-27 02:00 - 00008704 ___SH () C:\Users\William\Desktop\Thumbs.db
2014-10-14 12:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-14 06:09 - 2012-10-09 19:08 - 00023478 _____ () C:\windows\PFRO.log
2014-10-14 06:09 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-14 06:08 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-14 03:59 - 2013-07-19 18:21 - 00000000 ____D () C:\Users\William
2014-10-14 03:53 - 2013-07-20 17:49 - 00000000 ____D () C:\Users\William\AppData\Local\CrashDumps
2014-10-13 20:38 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-10 22:37 - 2013-08-15 23:07 - 00000000 ____D () C:\Users\William\AppData\Local\Cyberlink
2014-10-10 01:50 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-10-07 23:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-05 00:40 - 2014-05-21 22:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\quassel-irc.org
2014-10-04 19:16 - 2013-08-19 01:27 - 00635904 ___SH () C:\Users\William\Documents\Thumbs.db
2014-10-02 22:54 - 2014-03-24 01:10 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 22:54 - 2013-07-20 10:00 - 00000000 ____D () C:\ProgramData\Skype
2014-09-29 12:33 - 2013-07-19 18:23 - 00000000 ____D () C:\Users\William\Documents\Bluetooth Folder
2014-09-23 17:14 - 2013-07-20 11:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-22 04:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-22 02:42 - 2013-08-20 05:00 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\Lenovo-13720.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-14 04:22

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Gray at 2014-10-14 12:27:37
Running from C:\Users\William\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bigasoft Total Video Converter 4.2.8.5275 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Crusader Kings II version 1.111 (HKLM-x32\...\{A30269D0-4F0B-44BB-A169-C665CA856EEC}}_is1) (Version: 1.111 - Paradox Interactive)
Deus Vult (HKLM-x32\...\Deus Vult_is1) (Version:  - GamersGate)
D-Fend Reloaded 1.3.5 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.5 - Alexander Herzog)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Galcon Fusion (HKLM-x32\...\Steam App 44200) (Version:  - Hassey Enterprises, Inc.)
Galcon Legends (HKLM-x32\...\Steam App 201040) (Version:  - Hassey Enterprises, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobility (HKLM-x32\...\{65FA1A98-BB92-4DA3-9D62-D1F0281F030A}) (Version: 3.02 - )
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version:  - )
NarcoGuerra version 1.0 (HKLM-x32\...\{0071FACA-5E9B-4CE9-9F89-3D99F5FB175E}_is1) (Version: 1.0 - Auroch Digital)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
President Forever 2016 - v. 1.6.2 (HKLM-x32\...\P4E16_is1) (Version:  - 270soft.com)
Prime Minister Forever - Australia 2013 - v. 1.4.8 (HKLM-x32\...\PM4E_AUS_2013_is1) (Version:  - 270soft.com)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.10.0-1 - KDE)
Race To Mars (HKLM-x32\...\Steam App 257930) (Version:  - INTERMARUM)
Railroad Tycoon 2: Platinum (HKLM-x32\...\Steam App 7620) (Version:  - PopTop)
Railroad Tycoon 3 (HKLM-x32\...\Steam App 7610) (Version:  - PopTop)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
SimCity 2000 Special Edition (HKLM-x32\...\GOGPACKSIMCITY2000_is1) (Version: 2.0.0.14 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.4 - Kathleen MacMahon)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TripleA Version 1_8_0_3 (HKLM-x32\...\TripleAVersion1_8_0_3) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-09-2014 07:30:49 Scheduled Checkpoint
02-10-2014 09:59:27 Scheduled Checkpoint
12-10-2014 01:59:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2014-10-14 03:59 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1482C4C7-3E0D-443E-933B-5DC77B3CA2F9} - System32\Tasks\Lenovo\Lenovo-13720 => C:\ProgramData\Lenovo-13720.vbs [2013-04-11] ()
Task: {17DD4961-34C0-4F19-A3ED-8F80E8330156} - System32\Tasks\{D70A3632-3EEB-43F5-98F4-253E8C207A36} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7AA5-F952-4BC8-A5F5-24281D4D7A62} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {2B3C2BDF-86CE-4704-9B1C-AC3A353DC8E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {43D3DD3B-DDA0-4366-A37D-DB8ABBF156C7} - \{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13} No Task File <==== ATTENTION
Task: {A43A672C-C5A5-4EA2-B60F-2C94817BF3C9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A56DDD16-88B0-4A28-A86D-F31E83EF361C} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BF19960C-949A-43F2-94BC-14D453A388E9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C921C5D7-35CB-4AB8-8BFD-2D11AB75DE3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6F7EF5C-99CE-4297-943D-147132DEB2F5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

==================== Loaded Modules (whitelisted) =============

2013-12-16 08:30 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-11 12:43 - 2013-11-11 11:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 14:23 - 2012-08-31 15:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-08-22 12:51 - 2012-08-31 15:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-04-11 13:12 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-25 03:09 - 2013-01-25 03:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 03:05 - 2013-01-25 03:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 03:12 - 2013-01-25 03:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-03-13 20:19 - 2013-02-05 01:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-11 12:36 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00110592 _____ () C:\Program Files (x86)\AIM\AIM_xmlp.dll
2013-07-20 16:48 - 2005-06-16 20:46 - 00081920 _____ () C:\Program Files (x86)\AIM\AIMToday.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00013312 _____ () C:\Program Files (x86)\AIM\oscres.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00053248 _____ () C:\Program Files (x86)\AIM\xmlparse.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00081920 _____ () C:\Program Files (x86)\AIM\xmltok.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00106496 _____ () C:\Program Files (x86)\AIM\AIMAX.dll
2013-07-20 16:48 - 2005-08-03 14:27 - 00006656 _____ () C:\Program Files (x86)\AIM\stats.ocm
2013-07-20 16:48 - 2004-08-18 16:56 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2013-04-11 12:42 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 11:20 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-10 02:04 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 20:56 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 16:45 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-12-06 23:52 - 2013-12-06 23:52 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 09:10 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2691411101-4239032498-4200853137-500 - Administrator - Disabled)
Gray (S-1-5-21-2691411101-4239032498-4200853137-1002 - Administrator - Enabled) => C:\Users\William
Guest (S-1-5-21-2691411101-4239032498-4200853137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2691411101-4239032498-4200853137-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2691411101-4239032498-4200853137-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2014 06:10:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/14/2014 03:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x26608
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:22:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x24b68
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:20:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x25750
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:18:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x24e44
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:18:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x25180
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:17:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x250a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:16:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x24ba4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 03:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x24744
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/14/2014 00:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1acb0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5


System errors:
=============
Error: (10/14/2014 06:10:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 06:10:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (10/14/2014 03:59:38 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (10/14/2014 03:59:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 03:59:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 03:59:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AtherosSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 03:59:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 03:59:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/14/2014 03:59:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2014 03:59:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (10/14/2014 06:10:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/14/2014 03:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612062660801cfe783f3111c51C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll313efdb5-5377-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:22:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c00000050006120624b6801cfe77fa2d34c42C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlle1488957-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:20:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612062575001cfe77f4e4c245dC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll8e7b434c-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:18:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c00000050006120624e4401cfe77eff967000C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll3ece84d4-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:18:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612062518001cfe77efa5decf9C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll3a284592-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:17:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c000000500061206250a401cfe77ef8f42eaaC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll38da0900-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:16:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c00000050006120624ba401cfe77ed0fb50e0C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll0f8bdcf3-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 03:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612062474401cfe77ecf35cf7fC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll0d6fd4d3-5372-11e4-be98-fc9a3af5641c

Error: (10/14/2014 00:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.164535010888antdll.dll6.2.9200.16420505aaa82c0000005000612061acb001cfe7639a866b01C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlld96ccc96-5356-11e4-be98-fc9a3af5641c


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8057.77 MB
Available physical RAM: 5698.44 MB
Total Pagefile: 16249.77 MB
Available Pagefile: 13766.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:746.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6782BBF7)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 GrayAnderson


Posted 14 October 2014 - 11:32 AM

Just as an added note, when I woke up this morning (I disabled the wifi on my computer while it scanned last night and then dozed off), my internet history was blanked.  (I'm using the computer now, but only because I have no other to turn to for this).

 

Edit: My wifi was also disabled without explanation (as in, when I tried to turn the wifi back on it came across as disabled).

 

Edit: I just shut down another ComSurrogate eruption just now, too.  Groan.

 

Edit: Ok, an observation if I might: When I go in and start shutting down the ComSurrogate instances, at some random point they'll all shut down out of the blue (as if I found the magic one to kill or something).  This is just an observation that may be useless...but I figured I would provide it all the same.


Edited by GrayAnderson, 14 October 2014 - 12:49 PM.


#8 Naathim


Posted 15 October 2014 - 01:46 AM

Hi :)
 
Thank you for all the info provided. You had a Poweliks infection, which caused the heavy dllhost.exe infestation; however, the logfiles indicate that we managed to kill it. Dllhost.exe is itself a legitimate process; it was just draining your machine's resources because of the infection.
 
Let's see additional scan results.



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#9 GrayAnderson


Posted 15 October 2014 - 02:10 AM

RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gray [Administrator]
Mode : Scan -- Date : 10/15/2014  03:10:30

¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\syswow64\svchost.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472} | NameServer : 192.168.100.1,68.10.16.30  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472} | NameServer : 192.168.100.1,68.10.16.30  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\OFFICE2013ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> Found
[Suspicious.Path] \Lenovo\Lenovo-13720 -- C:\ProgramData\Lenovo-13720.vbs -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr()] \SystemRoot\System32\drivers\i8042prt.sys - IRP_MJ_READ[3] : C:\windows\system32\DRIVERS\ETD.sys @ 0x6a6bed8
[EAT:Addr] (explorer.exe) PhotoBase.dll - CPlApplet : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3dc0
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllCanUnloadNow : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3a60
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllGetClassObject : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3a8c
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllRegisterServer : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3b14
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllUnregisterServer : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3b48
[EAT:Addr] (explorer.exe) PhotoBase.dll - GetProxyDllInfo : C:\windows\system32\timedate.cpl @ 0x7fa5c3d9a48

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 710f57a96686712211d9776586abce01
[BSP] 78b21c66e6abd86dd5d3f4b9b2b2c2ec : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 



#10 Naathim


Posted 15 October 2014 - 02:16 AM

Good, now let's remove some findings. How is your machine behaving at the moment?



Fix with RogueKiller

Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Go through the tabs, and select all under the Registry tab for deletion. Uncheck the other items.
  • Upon completion, the Delete button will become available. Click it.
  • The removal process may take some time. Your machine may also be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 GrayAnderson


Posted 15 October 2014 - 03:47 AM

My machine appears to be behaving well.  I had a ComSurrogate eruption not too long ago (which I posted about) but nothing since then has been abnormal.  I'm crossing my fingers at the moment.  I went through and (I believe) deleted everything that came up in the registry listing.  Report below.

 

RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Gray [Administrator]
Mode : Delete -- Date : 10/15/2014  04:47:07

¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\syswow64\svchost.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 14 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.82.104.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.82.104.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1EE0071-4754-4697-BB33-92ED134E7C25} | DhcpNameServer : 10.82.104.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472} | NameServer : 192.168.100.1,68.10.16.30  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F1EE0071-4754-4697-BB33-92ED134E7C25} | DhcpNameServer : 10.82.104.1  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472} | NameServer : 192.168.100.1,68.10.16.30  -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\OFFICE2013ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> Deleted
[Suspicious.Path] \Lenovo\Lenovo-13720 -- C:\ProgramData\Lenovo-13720.vbs -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr()] \SystemRoot\System32\drivers\i8042prt.sys - IRP_MJ_READ[3] : C:\windows\system32\DRIVERS\ETD.sys @ 0x6a6bed8
[EAT:Addr] (explorer.exe) PhotoBase.dll - CPlApplet : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3dc0
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllCanUnloadNow : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3a60
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllGetClassObject : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3a8c
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllRegisterServer : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3b14
[EAT:Addr] (explorer.exe) PhotoBase.dll - DllUnregisterServer : C:\windows\system32\timedate.cpl @ 0x7fa5c3e3b48
[EAT:Addr] (explorer.exe) PhotoBase.dll - GetProxyDllInfo : C:\windows\system32\timedate.cpl @ 0x7fa5c3d9a48

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 710f57a96686712211d9776586abce01
[BSP] 78b21c66e6abd86dd5d3f4b9b2b2c2ec : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10152014_031030.log - RKreport_SCN_10152014_034956.log - RKreport_SCN_10152014_044536.log
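A defender-side check for reports like the two posted above (an added example; it is not part of this thread and not RogueKiller's own code): it parses the registry findings and flags a proxy that survived the Delete run, such as the (X64) ProxyServer entry marked "Not selected" here, plus any static NameServer resolver outside private address ranges so it can be verified against what the ISP or administrator actually assigned. The line format is assumed from the posted reports, and the sample lines below are constructed from them.

```python
"""Audit the registry findings of a RogueKiller-style report.

Added example; not part of this thread and not RogueKiller's own code.
The report line format is assumed from the reports posted above.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# One registry finding line, e.g.
# [PUM.Proxy] (X64) HKEY_USERS\...\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Deleted
# An optional "(...)" after the action carries the replacement value for "Replaced".
LINE_RE = re.compile(
    r"^\[(?P<category>[A-Za-z.]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<value>[^:]+?)\s+:\s+(?P<data>.*?)\s+->\s+"
    r"(?P<action>[A-Za-z ]+?)(?:\s+\((?P<new>.*)\))?\s*$"
)


@dataclass
class Finding:
    category: str        # e.g. PUM.Proxy, PUM.Dns, PUM.HomePage
    arch: str            # X64 or X86 registry view
    key: str             # registry key path
    value: str           # value name, e.g. ProxyServer
    data: str            # value data as found
    action: str          # Found / Deleted / Replaced / Not selected
    new: Optional[str]   # replacement data for "Replaced (...)", else None


def parse_report(text: str) -> List[Finding]:
    """Extract the (X64)/(X86) registry findings; other report lines are ignored."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def _is_private(addr: str) -> bool:
    """True for RFC1918/loopback style addresses; anything unparseable counts as public."""
    try:
        return ip_address(addr).is_private
    except ValueError:
        return False


def audit(findings: List[Finding]) -> List[str]:
    """One message per finding that still needs attention after a Delete run."""
    issues = []
    for f in findings:
        if f.category == "PUM.Proxy" and f.action != "Deleted":
            # A proxy entry left in either registry view still redirects that view's traffic.
            host = f.data.rsplit(":", 1)[0]
            tag = "" if _is_private(host) else " [public address]"
            issues.append(f"proxy still set in {f.arch} view ({f.action}): {f.data}{tag}")
        elif f.category == "PUM.Dns" and f.value == "NameServer" and f.action == "Found":
            # Static resolvers (not DhcpNameServer) that point outside private ranges
            # deserve a check against the ISP/admin-assigned servers.
            public = [ip for ip in f.data.split(",") if ip and not _is_private(ip)]
            if public:
                issues.append(f"static resolver(s) outside private ranges in {f.arch} "
                              f"{f.value} ({f.action}): {', '.join(public)}")
    return issues


# Sample lines constructed from the Delete-mode report posted in this thread.
SAMPLE_DELETE_LOG = r"""
¤¤¤ Registry : 5 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 185.53.168.36:7808  -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2691411101-4239032498-4200853137-1002\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8B98277-FE99-4C55-B4E4-B3281D197472} | NameServer : 192.168.100.1,68.10.16.30  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
"""

if __name__ == "__main__":
    for issue in audit(parse_report(SAMPLE_DELETE_LOG)):
        print(issue)
```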



#12 Naathim


Posted 15 October 2014 - 03:52 AM

My machine appears to be behaving well.

I'm glad to hear that! :)
 
Let's take some more scans to be sure that nothing hides there.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your system specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if the internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click Run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 GrayAnderson


Posted 15 October 2014 - 04:36 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8 x64
Ran by Gray on Wed 10/15/2014 at  5:14:00.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Failed to delete: [Folder] "C:\Program Files (x86)\viewpoint"



~~~ FireFox

Emptied folder: C:\Users\William\AppData\Roaming\mozilla\firefox\profiles\rfoy2q6j.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/15/2014 at  5:15:57.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.000 - Report created 15/10/2014 at 05:22:43
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 8  (64 bits)
# Username : Gray - VAL
# Running from : C:\Users\William\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Viewpoint

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16453


-\\ Mozilla Firefox v25.0.1 (en-US)


*************************

AdwCleaner[R0].txt - [2771 octets] - [15/10/2014 05:22:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2831 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gray (administrator) on VAL on 15-10-2014 05:35:39
Running from C:\Users\William\Downloads
Loaded Profiles: UpdatusUser & Gray (Available profiles: UpdatusUser & Gray)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(America Online, Inc.) C:\Program Files (x86)\AIM\aim.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
() C:\Users\William\Downloads\RogueKillerX64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\William\Downloads\AdwCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [AIM] => C:\Program Files (x86)\AIM\aim.exe [67160 2005-08-03] (America Online, Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56592FC359E8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
SearchScopes: HKCU - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.82.104.1

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2014-10-15] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 05:22 - 2014-10-15 05:23 - 00000000 ____D () C:\AdwCleaner
2014-10-15 05:19 - 2014-10-15 05:19 - 01976320 _____ () C:\Users\William\Downloads\AdwCleaner.exe
2014-10-15 05:15 - 2014-10-15 05:15 - 00001106 _____ () C:\Users\William\Desktop\JRT.txt
2014-10-15 05:13 - 2014-10-15 05:13 - 01705698 _____ (Thisisu) C:\Users\William\Downloads\JRT.exe
2014-10-15 05:13 - 2014-10-15 05:13 - 00000000 ____D () C:\windows\ERUNT
2014-10-15 02:58 - 2014-10-15 02:58 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-15 02:58 - 2014-10-15 02:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 02:57 - 2014-10-15 02:58 - 18495064 _____ () C:\Users\William\Downloads\RogueKillerX64.exe
2014-10-14 03:27 - 2014-10-14 03:27 - 00000085 ____H () C:\Users\William\Documents\.~lock.Stock File 2014-08-19.xls#
2014-10-14 03:13 - 2014-10-14 12:27 - 00033279 _____ () C:\Users\William\Downloads\Addition.txt
2014-10-14 03:11 - 2014-10-15 05:35 - 00018865 _____ () C:\Users\William\Downloads\FRST.txt
2014-10-14 03:10 - 2014-10-15 05:35 - 00000000 ____D () C:\FRST
2014-10-14 03:10 - 2014-10-14 03:10 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64(1).exe
2014-10-14 03:10 - 2014-10-14 03:10 - 01101824 _____ (Farbar) C:\Users\William\Downloads\FRST.exe
2014-10-14 03:03 - 2014-10-14 03:03 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2014-10-13 09:45 - 2014-10-13 09:46 - 00302088 _____ () C:\windows\Minidump\101314-22500-01.dmp
2014-10-10 23:09 - 2014-10-11 01:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 23:08 - 2014-10-10 23:08 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-10 23:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-10 23:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-10 22:55 - 2014-10-14 06:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-10 22:55 - 2014-10-14 03:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-10-10 22:53 - 2014-10-10 22:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\William\Desktop\spybot-2-4.exe
2014-10-10 22:52 - 2014-10-10 22:52 - 00367456 _____ () C:\Users\William\Downloads\SoftonicDownloader_for_spybot-search-destroy.exe
2014-10-10 01:47 - 2014-10-10 18:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-05 04:28 - 2014-10-05 04:29 - 00301944 _____ () C:\windows\Minidump\100514-42062-01.dmp
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 22:30 - 2014-10-13 09:45 - 677069092 _____ () C:\windows\MEMORY.DMP
2014-10-02 22:30 - 2014-10-13 09:45 - 00000000 ____D () C:\windows\Minidump
2014-10-02 22:30 - 2014-10-02 22:30 - 00301792 _____ () C:\windows\Minidump\100214-48640-01.dmp
2014-09-30 21:08 - 2014-09-30 21:08 - 00000085 ____H () C:\Users\William\Documents\.~lock.Precinct Captains Nov 4th 2014.xlsx#
2014-09-30 10:59 - 2014-09-30 10:59 - 00027800 _____ () C:\Users\William\Documents\Precinct Captains Nov 4th 2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 05:35 - 2013-07-20 10:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Skype
2014-10-15 05:16 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-15 05:15 - 2013-04-11 12:23 - 01448818 _____ () C:\windows\WindowsUpdate.log
2014-10-15 05:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-15 04:47 - 2013-04-11 13:16 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-10-15 04:37 - 2013-07-19 18:23 - 00000000 ____D () C:\Users\William\Documents\Bluetooth Folder
2014-10-14 21:18 - 2013-08-05 18:11 - 00000000 ____D () C:\Users\William\Documents\Amtrak Stuff
2014-10-14 12:49 - 2013-07-20 17:49 - 00000000 ____D () C:\Users\William\AppData\Local\CrashDumps
2014-10-14 12:23 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-14 12:22 - 2013-07-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-14 12:22 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-14 12:20 - 2014-01-27 02:00 - 00008704 ___SH () C:\Users\William\Desktop\Thumbs.db
2014-10-14 06:09 - 2012-10-09 19:08 - 00023478 _____ () C:\windows\PFRO.log
2014-10-14 06:09 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-14 06:08 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-14 03:59 - 2013-07-19 18:21 - 00000000 ____D () C:\Users\William
2014-10-10 22:37 - 2013-08-15 23:07 - 00000000 ____D () C:\Users\William\AppData\Local\Cyberlink
2014-10-10 01:50 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-10-07 23:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-05 00:40 - 2014-05-21 22:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\quassel-irc.org
2014-10-04 19:16 - 2013-08-19 01:27 - 00635904 ___SH () C:\Users\William\Documents\Thumbs.db
2014-10-02 22:54 - 2014-03-24 01:10 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 22:54 - 2013-07-20 10:00 - 00000000 ____D () C:\ProgramData\Skype
2014-09-23 17:14 - 2013-07-20 11:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-22 04:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-22 02:42 - 2013-08-20 05:00 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\Lenovo-13720.vbs


Some content of TEMP:
====================
C:\Users\William\AppData\Local\Temp\Quarantine.exe
C:\Users\William\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-14 04:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Gray at 2014-10-15 05:35:58
Running from C:\Users\William\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bigasoft Total Video Converter 4.2.8.5275 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Crusader Kings II version 1.111 (HKLM-x32\...\{A30269D0-4F0B-44BB-A169-C665CA856EEC}}_is1) (Version: 1.111 - Paradox Interactive)
Deus Vult (HKLM-x32\...\Deus Vult_is1) (Version:  - GamersGate)
D-Fend Reloaded 1.3.5 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.5 - Alexander Herzog)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Galcon Fusion (HKLM-x32\...\Steam App 44200) (Version:  - Hassey Enterprises, Inc.)
Galcon Legends (HKLM-x32\...\Steam App 201040) (Version:  - Hassey Enterprises, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobility (HKLM-x32\...\{65FA1A98-BB92-4DA3-9D62-D1F0281F030A}) (Version: 3.02 - )
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version:  - )
NarcoGuerra version 1.0 (HKLM-x32\...\{0071FACA-5E9B-4CE9-9F89-3D99F5FB175E}_is1) (Version: 1.0 - Auroch Digital)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
President Forever 2016 - v. 1.6.2 (HKLM-x32\...\P4E16_is1) (Version:  - 270soft.com)
Prime Minister Forever - Australia 2013 - v. 1.4.8 (HKLM-x32\...\PM4E_AUS_2013_is1) (Version:  - 270soft.com)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.10.0-1 - KDE)
Race To Mars (HKLM-x32\...\Steam App 257930) (Version:  - INTERMARUM)
Railroad Tycoon 2: Platinum (HKLM-x32\...\Steam App 7620) (Version:  - PopTop)
Railroad Tycoon 3 (HKLM-x32\...\Steam App 7610) (Version:  - PopTop)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
SimCity 2000 Special Edition (HKLM-x32\...\GOGPACKSIMCITY2000_is1) (Version: 2.0.0.14 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.4 - Kathleen MacMahon)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TripleA Version 1_8_0_3 (HKLM-x32\...\TripleAVersion1_8_0_3) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-09-2014 07:30:49 Scheduled Checkpoint
02-10-2014 09:59:27 Scheduled Checkpoint
12-10-2014 01:59:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2014-10-14 03:59 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17DD4961-34C0-4F19-A3ED-8F80E8330156} - System32\Tasks\{D70A3632-3EEB-43F5-98F4-253E8C207A36} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7AA5-F952-4BC8-A5F5-24281D4D7A62} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {2B3C2BDF-86CE-4704-9B1C-AC3A353DC8E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {43D3DD3B-DDA0-4366-A37D-DB8ABBF156C7} - \{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13} No Task File <==== ATTENTION
Task: {A43A672C-C5A5-4EA2-B60F-2C94817BF3C9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BF19960C-949A-43F2-94BC-14D453A388E9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C921C5D7-35CB-4AB8-8BFD-2D11AB75DE3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6F7EF5C-99CE-4297-943D-147132DEB2F5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

==================== Loaded Modules (whitelisted) =============

2013-12-16 08:30 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-11 12:43 - 2013-11-11 11:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 14:23 - 2012-08-31 15:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-08-22 12:51 - 2012-08-31 15:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-04-11 13:12 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-25 03:09 - 2013-01-25 03:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 03:05 - 2013-01-25 03:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 03:12 - 2013-01-25 03:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-03-13 20:19 - 2013-02-05 01:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 12:51 - 2012-08-31 15:03 - 00373760 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2013-08-22 12:51 - 2012-08-31 15:02 - 01038336 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-08-22 12:51 - 2012-08-31 15:03 - 03034112 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2014-10-15 02:57 - 2014-10-15 02:58 - 18495064 _____ () C:\Users\William\Downloads\RogueKillerX64.exe
2014-10-15 05:19 - 2014-10-15 05:19 - 01976320 _____ () C:\Users\William\Downloads\AdwCleaner.exe
2013-04-11 12:36 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00110592 _____ () C:\Program Files (x86)\AIM\AIM_xmlp.dll
2013-07-20 16:48 - 2005-06-16 20:46 - 00081920 _____ () C:\Program Files (x86)\AIM\AIMToday.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00013312 _____ () C:\Program Files (x86)\AIM\oscres.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00053248 _____ () C:\Program Files (x86)\AIM\xmlparse.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00081920 _____ () C:\Program Files (x86)\AIM\xmltok.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00106496 _____ () C:\Program Files (x86)\AIM\AIMAX.dll
2013-07-20 16:48 - 2005-08-03 14:27 - 00006656 _____ () C:\Program Files (x86)\AIM\stats.ocm
2013-07-20 16:48 - 2004-08-18 16:56 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00229376 _____ () C:\Program Files (x86)\AIM\inetsocket.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2013-04-11 12:42 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 11:20 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-10 02:04 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 20:56 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 16:45 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-30 09:10 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
2013-12-06 23:52 - 2013-12-06 23:52 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2691411101-4239032498-4200853137-500 - Administrator - Disabled)
Gray (S-1-5-21-2691411101-4239032498-4200853137-1002 - Administrator - Enabled) => C:\Users\William
Guest (S-1-5-21-2691411101-4239032498-4200853137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2691411101-4239032498-4200853137-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2691411101-4239032498-4200853137-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 8057.77 MB
Available physical RAM: 3576.75 MB
Total Pagefile: 16249.77 MB
Available Pagefile: 12451.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:746.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6782BBF7)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Am restarting now; back in a few.



#14 Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 15 October 2014 - 04:43 AM

The AdwCleaner log indicates that you didn't choose the Clean option. This is a good moment to do so :)



Fix with AdwCleaner

Please re-run AdwCleaner.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.



And after that, please perform these scans; hopefully only a cleanup will be needed after them :)



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the add-on to run.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe from the link you'll be given.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


Radek Naathim Pawelczyk

Malware Removal Specialist


#15 GrayAnderson

  • Topic Starter
  • Members
  • 39 posts

Posted 15 October 2014 - 04:54 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Gray (administrator) on VAL on 15-10-2014 05:35:39
Running from C:\Users\William\Downloads
Loaded Profiles: UpdatusUser & Gray (Available profiles: UpdatusUser & Gray)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(America Online, Inc.) C:\Program Files (x86)\AIM\aim.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
() C:\Users\William\Downloads\RogueKillerX64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\William\Downloads\AdwCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [AIM] => C:\Program Files (x86)\AIM\aim.exe [67160 2005-08-03] (America Online, Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2691411101-4239032498-4200853137-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56592FC359E8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
SearchScopes: HKCU - {66FCFC03-8B13-4FAC-AD30-D936DC6F344A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.82.104.1

FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\rfoy2q6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-05] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2014-10-15] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 05:22 - 2014-10-15 05:23 - 00000000 ____D () C:\AdwCleaner
2014-10-15 05:19 - 2014-10-15 05:19 - 01976320 _____ () C:\Users\William\Downloads\AdwCleaner.exe
2014-10-15 05:15 - 2014-10-15 05:15 - 00001106 _____ () C:\Users\William\Desktop\JRT.txt
2014-10-15 05:13 - 2014-10-15 05:13 - 01705698 _____ (Thisisu) C:\Users\William\Downloads\JRT.exe
2014-10-15 05:13 - 2014-10-15 05:13 - 00000000 ____D () C:\windows\ERUNT
2014-10-15 02:58 - 2014-10-15 02:58 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-15 02:58 - 2014-10-15 02:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 02:57 - 2014-10-15 02:58 - 18495064 _____ () C:\Users\William\Downloads\RogueKillerX64.exe
2014-10-14 03:27 - 2014-10-14 03:27 - 00000085 ____H () C:\Users\William\Documents\.~lock.Stock File 2014-08-19.xls#
2014-10-14 03:13 - 2014-10-14 12:27 - 00033279 _____ () C:\Users\William\Downloads\Addition.txt
2014-10-14 03:11 - 2014-10-15 05:35 - 00018865 _____ () C:\Users\William\Downloads\FRST.txt
2014-10-14 03:10 - 2014-10-15 05:35 - 00000000 ____D () C:\FRST
2014-10-14 03:10 - 2014-10-14 03:10 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64(1).exe
2014-10-14 03:10 - 2014-10-14 03:10 - 01101824 _____ (Farbar) C:\Users\William\Downloads\FRST.exe
2014-10-14 03:03 - 2014-10-14 03:03 - 02110464 _____ (Farbar) C:\Users\William\Downloads\FRST64.exe
2014-10-13 09:45 - 2014-10-13 09:46 - 00302088 _____ () C:\windows\Minidump\101314-22500-01.dmp
2014-10-10 23:09 - 2014-10-11 01:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 23:08 - 2014-10-10 23:08 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 23:08 - 2014-10-10 23:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 23:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-10 23:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-10 23:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-10 22:55 - 2014-10-14 06:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-10 22:55 - 2014-10-14 03:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-10-10 22:53 - 2014-10-10 22:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\William\Desktop\spybot-2-4.exe
2014-10-10 22:52 - 2014-10-10 22:52 - 00367456 _____ () C:\Users\William\Downloads\SoftonicDownloader_for_spybot-search-destroy.exe
2014-10-10 01:47 - 2014-10-10 18:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-05 04:28 - 2014-10-05 04:29 - 00301944 _____ () C:\windows\Minidump\100514-42062-01.dmp
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 22:54 - 2014-10-02 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 22:30 - 2014-10-13 09:45 - 677069092 _____ () C:\windows\MEMORY.DMP
2014-10-02 22:30 - 2014-10-13 09:45 - 00000000 ____D () C:\windows\Minidump
2014-10-02 22:30 - 2014-10-02 22:30 - 00301792 _____ () C:\windows\Minidump\100214-48640-01.dmp
2014-09-30 21:08 - 2014-09-30 21:08 - 00000085 ____H () C:\Users\William\Documents\.~lock.Precinct Captains Nov 4th 2014.xlsx#
2014-09-30 10:59 - 2014-09-30 10:59 - 00027800 _____ () C:\Users\William\Documents\Precinct Captains Nov 4th 2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 05:35 - 2013-07-20 10:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Skype
2014-10-15 05:16 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-15 05:15 - 2013-04-11 12:23 - 01448818 _____ () C:\windows\WindowsUpdate.log
2014-10-15 05:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-15 04:47 - 2013-04-11 13:16 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-10-15 04:37 - 2013-07-19 18:23 - 00000000 ____D () C:\Users\William\Documents\Bluetooth Folder
2014-10-14 21:18 - 2013-08-05 18:11 - 00000000 ____D () C:\Users\William\Documents\Amtrak Stuff
2014-10-14 12:49 - 2013-07-20 17:49 - 00000000 ____D () C:\Users\William\AppData\Local\CrashDumps
2014-10-14 12:23 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-14 12:22 - 2013-07-19 21:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-14 12:22 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-14 12:20 - 2014-01-27 02:00 - 00008704 ___SH () C:\Users\William\Desktop\Thumbs.db
2014-10-14 06:09 - 2012-10-09 19:08 - 00023478 _____ () C:\windows\PFRO.log
2014-10-14 06:09 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-14 06:08 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-14 03:59 - 2013-07-19 18:21 - 00000000 ____D () C:\Users\William
2014-10-10 22:37 - 2013-08-15 23:07 - 00000000 ____D () C:\Users\William\AppData\Local\Cyberlink
2014-10-10 01:50 - 2012-07-26 01:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-10-07 23:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-05 00:40 - 2014-05-21 22:42 - 00000000 ____D () C:\Users\William\AppData\Roaming\quassel-irc.org
2014-10-04 19:16 - 2013-08-19 01:27 - 00635904 ___SH () C:\Users\William\Documents\Thumbs.db
2014-10-02 22:54 - 2014-03-24 01:10 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 22:54 - 2013-07-20 10:00 - 00000000 ____D () C:\ProgramData\Skype
2014-09-23 17:14 - 2013-07-20 11:01 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-22 04:01 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-22 02:42 - 2013-08-20 05:00 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\Lenovo-13720.vbs


Some content of TEMP:
====================
C:\Users\William\AppData\Local\Temp\Quarantine.exe
C:\Users\William\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-14 04:22

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Gray at 2014-10-15 05:35:58
Running from C:\Users\William\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bigasoft Total Video Converter 4.2.8.5275 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version:  - Bigasoft Corporation)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Crusader Kings II version 1.111 (HKLM-x32\...\{A30269D0-4F0B-44BB-A169-C665CA856EEC}}_is1) (Version: 1.111 - Paradox Interactive)
Deus Vult (HKLM-x32\...\Deus Vult_is1) (Version:  - GamersGate)
D-Fend Reloaded 1.3.5 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.5 - Alexander Herzog)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)
Galcon Fusion (HKLM-x32\...\Steam App 44200) (Version:  - Hassey Enterprises, Inc.)
Galcon Legends (HKLM-x32\...\Steam App 201040) (Version:  - Hassey Enterprises, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobility (HKLM-x32\...\{65FA1A98-BB92-4DA3-9D62-D1F0281F030A}) (Version: 3.02 - )
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version:  - )
NarcoGuerra version 1.0 (HKLM-x32\...\{0071FACA-5E9B-4CE9-9F89-3D99F5FB175E}_is1) (Version: 1.0 - Auroch Digital)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
President Forever 2016 - v. 1.6.2 (HKLM-x32\...\P4E16_is1) (Version:  - 270soft.com)
Prime Minister Forever - Australia 2013 - v. 1.4.8 (HKLM-x32\...\PM4E_AUS_2013_is1) (Version:  - 270soft.com)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.10.0-1 - KDE)
Race To Mars (HKLM-x32\...\Steam App 257930) (Version:  - INTERMARUM)
Railroad Tycoon 2: Platinum (HKLM-x32\...\Steam App 7620) (Version:  - PopTop)
Railroad Tycoon 3 (HKLM-x32\...\Steam App 7610) (Version:  - PopTop)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
SimCity 2000 Special Edition (HKLM-x32\...\GOGPACKSIMCITY2000_is1) (Version: 2.0.0.14 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
SimpleMU MUD Client (HKLM-x32\...\SimpleMU MUD Client) (Version: 4.4 - Kathleen MacMahon)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TripleA Version 1_8_0_3 (HKLM-x32\...\TripleAVersion1_8_0_3) (Version:  - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-09-2014 07:30:49 Scheduled Checkpoint
02-10-2014 09:59:27 Scheduled Checkpoint
12-10-2014 01:59:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2014-10-14 03:59 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17DD4961-34C0-4F19-A3ED-8F80E8330156} - System32\Tasks\{D70A3632-3EEB-43F5-98F4-253E8C207A36} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28EE7AA5-F952-4BC8-A5F5-24281D4D7A62} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {2B3C2BDF-86CE-4704-9B1C-AC3A353DC8E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {43D3DD3B-DDA0-4366-A37D-DB8ABBF156C7} - \{D2B2B324-AD0E-C7C4-E58A-14CCE7186C13} No Task File <==== ATTENTION
Task: {A43A672C-C5A5-4EA2-B60F-2C94817BF3C9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BF19960C-949A-43F2-94BC-14D453A388E9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C921C5D7-35CB-4AB8-8BFD-2D11AB75DE3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6F7EF5C-99CE-4297-943D-147132DEB2F5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

==================== Loaded Modules (whitelisted) =============

2013-12-16 08:30 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-11 12:43 - 2013-11-11 11:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-22 14:23 - 2012-08-31 15:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-08-22 12:51 - 2012-08-31 15:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-04-11 13:12 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-25 03:09 - 2013-01-25 03:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 03:05 - 2013-01-25 03:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 03:12 - 2013-01-25 03:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-03-13 20:19 - 2013-02-05 01:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 12:51 - 2012-08-31 15:03 - 00373760 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2013-08-22 12:51 - 2012-08-31 15:02 - 01038336 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-08-22 12:51 - 2012-08-31 15:03 - 03034112 _____ () C:\windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2014-10-15 02:57 - 2014-10-15 02:58 - 18495064 _____ () C:\Users\William\Downloads\RogueKillerX64.exe
2014-10-15 05:19 - 2014-10-15 05:19 - 01976320 _____ () C:\Users\William\Downloads\AdwCleaner.exe
2013-04-11 12:36 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00110592 _____ () C:\Program Files (x86)\AIM\AIM_xmlp.dll
2013-07-20 16:48 - 2005-06-16 20:46 - 00081920 _____ () C:\Program Files (x86)\AIM\AIMToday.dll
2013-07-20 16:48 - 2005-08-03 14:21 - 00013312 _____ () C:\Program Files (x86)\AIM\oscres.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00053248 _____ () C:\Program Files (x86)\AIM\xmlparse.dll
2013-07-20 16:48 - 2004-05-18 20:55 - 00081920 _____ () C:\Program Files (x86)\AIM\xmltok.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00106496 _____ () C:\Program Files (x86)\AIM\AIMAX.dll
2013-07-20 16:48 - 2005-08-03 14:27 - 00006656 _____ () C:\Program Files (x86)\AIM\stats.ocm
2013-07-20 16:48 - 2004-08-18 16:56 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll
2013-07-20 16:48 - 2005-08-03 14:22 - 00229376 _____ () C:\Program Files (x86)\AIM\inetsocket.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-07-24 00:26 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2013-04-11 12:42 - 2013-11-14 07:58 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 11:20 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-10 02:04 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 09:10 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 20:56 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 16:45 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-30 09:10 - 2014-09-04 19:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 19:43 - 2014-06-11 19:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
2013-12-06 23:52 - 2013-12-06 23:52 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2691411101-4239032498-4200853137-500 - Administrator - Disabled)
Gray (S-1-5-21-2691411101-4239032498-4200853137-1002 - Administrator - Enabled) => C:\Users\William
Guest (S-1-5-21-2691411101-4239032498-4200853137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2691411101-4239032498-4200853137-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2691411101-4239032498-4200853137-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 8057.77 MB
Available physical RAM: 3576.75 MB
Total Pagefile: 16249.77 MB
Available Pagefile: 12451.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884.18 GB) (Free:746.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6782BBF7)

Partition: GPT Partition Type.

==================== End Of Log ============================





