
Problems after finding KVN398~1.exe


25 replies to this topic

#1 Sun&Sea


Posted 18 May 2015 - 09:40 PM

Original thread:

http://www.bleepingcomputer.com/forums/t/576531/removed-malware-problem-still-persists/#ipboard_body

 

The original issue of getting a Windows pop-up message asking if I wanted to allow KVN398~1.exe file to make changes to my computer has ceased after I ran ESET and it cleaned up things. However, as mentioned in my original thread, I still am seeing three files in my System32/drivers folder that came in at the same time and date as the KVN file did (which was the time I originally downloaded the program with the malware). If it helps whoever is going to look through my FRST reports, the date and time that I downloaded that program with the malware was 5/16/15 9:40pm (21:40pm). I didn't want to simply delete those three extra files by right clicking and deleting with mouse as I wasn't sure if that would be sufficient or not and I wanted those files to be looked at more closely.

 

Also, I do not know if this is related to the three remaining files in my system32/drivers folder or the KVN398 file that was removed by ESET, but Malwarebytes had picked up and cleaned two Trojan Downloaders (before I ran ESET, but it did not solve the original issue until I ran ESET), one of which had "AlaPerformance" in the title of the reg key, and I am still seeing AlaPerformance in my task manager processes - it is 'stopped' but I want to know why it is still showing up in the processes at all...is there another file on the computer somewhere that is related to that and needs to be removed? I don't see one anywhere so it is either hidden or called something else maybe? I have no idea what AlaPerformance is by the way...did a Google search and it turned up nothing, but it came with that Core Temp program that I downloaded on 5/16, or at least I think it did.

 

While the original issue was resolved with that one KVN398 file, and so far I have not noticed any additional odd behaviour on my computer, I want to be sure I am 100% clean and tidy...thanks for helping further! :)

...............................................................................................................................................

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by MF (ATTENTION: The logged in user is not administrator) on T1 on 18-05-2015 18:45:41
Running from C:\Users\MF\Desktop
Loaded Profiles: MF & Administrator (Available profiles: MF & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> ibmpmsvc.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> TPHKSVC.exe
Failed to access process -> armsvc.exe
Failed to access process -> tpnumlk.exe
Failed to access process -> svchost.exe
Failed to access process -> btwdins.exe
Failed to access process -> svchost.exe
Failed to access process -> DOZESVC.EXE
Failed to access process -> EvtEng.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> LMS.exe
Failed to access process -> svchost.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> SDWSCSvc.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> iviRegMgr.exe
Failed to access process -> svchost.exe
Failed to access process -> tvt_reg_monitor_svc.exe
Failed to access process -> UNS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Failed to access process -> svchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Failed to access process -> OSPPSVC.EXE
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-11-16] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\MountPoints2: {8ed2ed30-bc9e-11e4-a3de-f0def102e1f3} - D:\Setup.exe
HKU\S-1-5-18\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1113816930-1644768234-1934589812-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {371793A5-8520-4D3C-8CA5-DD65E2DBC6B4} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2013-04-18] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-11-22] ()
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Hotspot Shield Extension - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\afproxy@anchorfree.com [2014-06-24]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-12]
FF Extension: Classic Toolbar Buttons - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-12]
FF Extension: Pin It Button - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-09]
FF Extension: TinEye Reverse Image Search - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\tineye@ideeinc.com.xpi [2014-05-12]
FF Extension: NoScript - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-12]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-05-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-03-05] (Macrovision Europe Ltd.) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-30] (WildTangent)
S3 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-08] (Lenovo Group Limited)
S3 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 18:45 - 2015-05-18 18:45 - 00016792 _____ () C:\Users\MF\Desktop\FRST.txt
2015-05-18 18:45 - 2015-05-18 18:45 - 00000000 ____D () C:\FRST
2015-05-18 18:42 - 2015-05-18 18:42 - 01146368 _____ (Farbar) C:\Users\MF\Desktop\FRST.exe
2015-05-18 02:06 - 2015-05-18 02:13 - 00001059 _____ () C:\Users\MF\Desktop\ESETscan.txt
2015-05-17 23:44 - 2015-05-17 23:44 - 00000000 ____D () C:\Program Files\ESET
2015-05-17 23:43 - 2015-05-17 23:43 - 02347384 _____ (ESET) C:\Users\MF\Downloads\esetsmartinstaller_enu.exe
2015-05-17 23:30 - 2015-05-17 23:30 - 00040898 _____ () C:\Users\MF\Desktop\Mini Tool Box Results - 5-17-15.txt
2015-05-17 18:04 - 2015-05-17 18:04 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2015-05-17 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-17 18:03 - 2015-05-17 18:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-16 22:47 - 2015-05-16 22:47 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-05-16 21:41 - 2015-05-16 21:41 - 00000029 _____ () C:\Windows\system32\Drivers\nkbyrnkdaklsys462.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00490072 _____ (Alexander Roshal) C:\Windows\system32\Drivers\ndsvmaheklaiea32r3.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00436260 _____ () C:\Windows\system32\Drivers\rdtvdaslgmmsb32.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00000000 ____D () C:\Program Files\mtg
2015-05-15 04:28 - 2015-05-15 04:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-13 20:05 - 2015-05-13 20:05 - 00039857 _____ () C:\Users\MF\AppData\Local\recently-used.xbel
2015-05-12 20:09 - 2015-05-12 20:10 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-12 20:09 - 2015-05-12 20:09 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-12 19:39 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:36 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-05-12 18:46 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 18:46 - 2015-04-27 12:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 18:46 - 2015-04-27 12:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 18:46 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 18:46 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 18:46 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 18:46 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 18:46 - 2015-04-27 11:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 18:46 - 2015-04-21 07:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 18:46 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 18:46 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:46 - 2015-04-19 19:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:46 - 2015-04-19 19:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:46 - 2015-04-17 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 18:46 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 18:46 - 2015-04-17 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-12 18:46 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-12 18:46 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-12 18:45 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:45 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:45 - 2015-04-12 20:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 18:45 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-12 18:45 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-12 18:45 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-12 18:45 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-12 18:45 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 18:45 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-12 18:45 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-12 18:45 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-12 18:45 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 18:45 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-12 18:45 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-12 18:45 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-12 18:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-12 18:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-12 18:45 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-12 18:45 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-12 18:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-12 18:45 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-12 18:45 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-12 18:45 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-12 18:45 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-12 18:45 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-12 18:45 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 18:45 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 18:45 - 2015-01-27 16:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-12 18:45 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-12 18:45 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-12 18:45 - 2014-11-10 18:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-05-12 18:45 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-12 18:45 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:44 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-12 18:44 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-12 18:44 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-12 18:42 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-12 18:42 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-12 18:42 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-05-12 18:42 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 18:16 - 2012-03-13 22:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 16:43 - 2012-03-13 22:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 16:36 - 2009-07-20 22:30 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 16:36 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 16:36 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 16:31 - 2012-02-22 19:17 - 01052042 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 16:28 - 2014-05-25 01:00 - 00030712 _____ () C:\Windows\setupact.log
2015-05-18 16:28 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 02:04 - 2014-06-24 20:55 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Hotspot Shield
2015-05-17 02:34 - 2014-04-26 14:24 - 00000000 ____D () C:\AdwCleaner
2015-05-16 23:45 - 2014-08-26 08:51 - 00003676 _____ () C:\Windows\PFRO.log
2015-05-16 23:21 - 2014-05-14 22:10 - 00000000 ____D () C:\Users\MF\AppData\Roaming\inkscape
2015-05-16 21:43 - 2012-02-27 12:37 - 00000000 ____D () C:\temp
2015-05-16 15:40 - 2014-05-10 22:36 - 00000000 ____D () C:\Users\MF\AppData\Local\Adobe
2015-05-16 15:39 - 2012-03-30 18:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-16 15:39 - 2012-03-13 22:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-15 22:17 - 2014-05-25 13:34 - 00000000 ____D () C:\Users\MF\Documents\MRF - 2a
2015-05-15 20:24 - 2014-08-27 17:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 23:14 - 2015-02-23 23:12 - 00000000 ____D () C:\Users\MF\Documents\My Digital Editions
2015-05-14 16:00 - 2012-02-22 19:23 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-05-14 14:51 - 2014-04-20 17:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 20:09 - 2014-05-27 18:39 - 00000000 ____D () C:\Users\MF\.gimp-2.8
2015-05-13 20:05 - 2014-05-27 18:44 - 00000000 ____D () C:\Users\MF\AppData\Local\gtk-2.0
2015-05-13 15:53 - 2014-08-26 09:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 15:53 - 2014-08-26 09:03 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-13 15:52 - 2009-07-13 21:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-13 00:15 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-13 00:13 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-05-12 23:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-12 20:10 - 2012-03-14 11:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 20:10 - 2009-07-13 21:33 - 00431784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 20:09 - 2014-05-11 00:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-12 20:09 - 2009-07-21 04:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 20:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 19:41 - 2012-02-23 14:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:40 - 2014-08-26 13:09 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-12 19:40 - 2014-08-26 13:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-12 19:40 - 2014-08-26 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-12 19:29 - 2012-03-14 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-30 21:30 - 2014-10-08 00:02 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Orneon
2015-04-30 21:26 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-30 21:13 - 2014-09-29 20:06 - 00000000 ____D () C:\Program Files\WildTangent Games
2015-04-26 14:53 - 2012-02-22 19:15 - 00000000 ____D () C:\swshare

==================== Files in the root of some directories =======

2015-05-13 20:05 - 2015-05-13 20:05 - 0039857 _____ () C:\Users\MF\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by MF at 2015-05-18 18:46:05
Running from C:\Users\MF\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1113816930-1644768234-1934589812-500 - Administrator - Enabled) => C:\Users\Administrator.T1
Guest (S-1-5-21-1113816930-1644768234-1934589812-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1113816930-1644768234-1934589812-1003 - Limited - Enabled)
MF (S-1-5-21-1113816930-1644768234-1934589812-1004 - Limited - Enabled) => C:\Users\MF
tvsu_tmp_pxlnqDWPZE (S-1-5-21-1113816930-1644768234-1934589812-1007 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Acrobat 9 Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Bejeweled 3 (Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Echoes of the Past: Revenge of the Witch (Version: 3.0.2.118 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hotspot Shield 3.42 (HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Hoyle Puzzle Games 2004 (HKLM\...\InstallShield_{12362BED-DF87-40CD-97AB-A6DA564E8B8F}) (Version: 1.00.0000 - Sierra)
Hoyle Puzzle Games 2004 (Version: 1.00.0000 - Sierra) Hidden
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 1.28 (HKLM\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.31 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Motorola Mobile Drivers Installation 5.1.0 (HKLM\...\{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}) (Version: 5.1.0 - Motorola Inc.)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.01.00 - )
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Princess Isabella: Return of the Curse -- Collector's Edition (Version: 2.2.0.98 - WildTangent) Hidden
RealMYST (HKLM\...\BFG-RealMYST) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Scribus 1.4.4 (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super TextTwist (Version: 2.2.0.97 - WildTangent) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.12 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job =>
Task: C:\Windows\Tasks\SystemToolsDailyTest.job =>

==================== Loaded Modules (Whitelisted) ==============

2014-04-21 23:15 - 2007-09-02 13:57 - 00069632 ____N () C:\Program Files\RocketDock\RocketDock.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____N () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-22 19:14 - 2009-11-26 11:10 - 00032768 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2015-05-17 18:03 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-17 18:03 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-17 18:03 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-21 23:15 - 2007-09-02 13:58 - 00495616 ____N () C:\Program Files\RocketDock\RocketDock.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____N () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:12F3508C
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KASWTSYS69254350238340 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KASWTSYS69254350238340 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuoteWerks Web Connector.lnk => C:\Windows\pss\QuoteWerks Web Connector.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: RocketDock => "C:\Program Files\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [FPS-SpoolSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [CoreNet-GP-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-GP-LSASS-Out-TCP] => (Block) %SystemRoot%\system32\lsass.exe
FirewallRules: [MSDTC-In-TCP-NoScope] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-KTMRM-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP-NoScope] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP-NoScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [NetPres-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{15A5F467-A448-46E1-B8A0-A07F1C859F08}] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{C506181A-5316-4C6B-B434-69E3E6BA02D2}] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{5D03B1D3-5564-4538-95BD-071B0257C090}] => (Block) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B779FF1-7E72-41C9-88F5-C22F22519FCF}] => (Block) svchost.exe
FirewallRules: [{1CA60CD0-84F6-45D7-84AD-C96261A1E267}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{949768FF-ED03-49CC-9160-846776CBB55A}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{C6BDE64C-5A5D-47A6-A0CD-10FE7B679244}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{212E0C5F-65C4-452D-AB51-924D6B263133}] => (Allow) LPort=135
FirewallRules: [{A08D6852-1502-47AE-B80C-9B349695D98A}] => (Block) LPort=135
FirewallRules: [{28B87F3E-75FA-4F0A-9EF6-DF79E13B7C7C}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{7A3996BE-699C-4822-9518-D4D10904AB16}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{2AB134B9-7DE9-4DDF-A57C-BA93A63E82C0}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E95541CA-C838-419F-9646-0357B85E09CB}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{70A59000-5CAA-459B-817C-B0C509C3B0AF}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F00B651F-221D-4550-8515-CC122FAD9D79}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{5F5ACD57-96DC-413A-93E7-8691B364DD85}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E56268FF-CDD0-4289-BBCD-ABB0FF4D3577}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F7BB2E4A-5724-4E8B-B97E-F9D421A75B6D}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{6558C001-E0DE-4F69-B5AA-3F66AE048945}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{2BA03A3B-EB07-4C63-B913-2C0F69602DED}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TCP Query User{09C1A4F8-5FD9-47D3-83D9-C5AE0E5EF84E}C:\program files\microsoft office\office14\excel.exe] => (Allow) C:\program files\microsoft office\office14\excel.exe
FirewallRules: [UDP Query User{0AF0A89E-74B7-4F49-B031-B020DED8228D}C:\program files\microsoft office\office14\excel.exe] => (Allow) C:\program files\microsoft office\office14\excel.exe
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{9D600C31-EDE2-484D-A2A9-64DEDEA1389C}] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [{5675320F-9880-45AA-AD3C-246DA61C9AAF}] => (Block) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{1AC01966-E0A7-410F-B27F-FD1A1339D18E}] => (Block) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{34676D7F-0386-4DC5-BA1C-2EC3E1AE3370}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{520CF8AA-7CEC-4880-85C2-9B7E2D04F70B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96849575-FC80-464C-807C-B65A35D66B31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5E7F76B-A170-4758-BC57-6C536456831E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C8E1C322-1A0B-41F7-997A-1A17E64CF087}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{A42F0073-7BB0-4048-A955-F6061C1887BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D20C6D7-44AA-4A8C-A515-D3C148082397}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{2EAE6414-1419-4927-9F0E-1C9935D4C5D6}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{20EA7594-25C4-4B2E-84AC-586B8247E804}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{ED1A7483-3D80-4AE2-B5C4-1DAB971E8D72}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{9D282C03-0FD3-4A2E-929F-B4AE403D076B}] => (Allow) C:\Users\Administrator.T1\AppData\Local\wd\wd.exe
FirewallRules: [{D36E68B8-6F61-4D1A-9B3D-5CFD7ECC9694}] => (Allow) C:\Users\Administrator.T1\AppData\Local\wd\wd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ThinkPad Modem Adapter
Description: ThinkPad Modem Adapter
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant Systems
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #9
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Integrated Camera
Description: Integrated Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Ricoh
Service: 5U877
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Active Management Technology - SOL (COM4)
Description: Intel® Active Management Technology - SOL
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Serial
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (05/18/2015 05:40:14 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 05:40:12 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 05:06:40 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{31b83854-5dc3-11e1-a80d-806e6f6e6963} - 00000138,0x0053c008,004C7FE8,0,004CAFF0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (05/18/2015 04:56:34 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (05/18/2015 04:56:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (05/18/2015 02:19:29 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 02:15:22 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (05/18/2015 04:43:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/18/2015 05:06:40 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/18/2015 02:17:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/17/2015 11:16:53 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/17/2015 10:47:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/17/2015 06:57:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/17/2015 03:58:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/17/2015 06:18:12 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/17/2015 02:04:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/16/2015 11:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900

Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name25900

Error: (05/18/2015 04:28:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name17900

Error: (05/18/2015 05:40:14 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 05:40:12 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 05:06:40 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{31b83854-5dc3-11e1-a80d-806e6f6e6963} - 00000138,0x0053c008,004C7FE8,0,004CAFF0,4096,[0])0x80070079, The semaphore timeout period has expired.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (05/18/2015 04:56:34 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/18/2015 04:56:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (05/18/2015 02:19:29 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/18/2015 02:15:22 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900


CodeIntegrity Errors:
===================================
  Date: 2014-08-26 08:49:04.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:23:46.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:12:02.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:03:47.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 15:40:58.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 15:25:25.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 13:40:31.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 13:39:51.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 09:50:52.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 08:39:19.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3059.67 MB
Available physical RAM: 1624.93 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 4499.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.98 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:100.36 GB) (Free:14.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.14 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot



Posted 23 May 2015 - 09:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576639 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sun&Sea

Sun&Sea
  • Topic Starter


Posted 24 May 2015 - 12:35 AM

I do not have the original Windows 7 CD.

 

I ran the FRST scan using the icon I already had on my desktop (it updated itself) and it only created one scan and did not include the Addition.txt scan...the box was unchecked (didn't notice that when I hit 'scan'). Do you need that one too?

..............................................................................................................................................................

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by MF (ATTENTION: The logged in user is not administrator) on T1 on 23-05-2015 22:18:56
Running from C:\Users\MF\Desktop\SCANS
Loaded Profiles: MF (Available Profiles: MF & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> ibmpmsvc.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> TPHKSVC.exe
Failed to access process -> armsvc.exe
Failed to access process -> tpnumlk.exe
Failed to access process -> svchost.exe
Failed to access process -> btwdins.exe
Failed to access process -> svchost.exe
Failed to access process -> DOZESVC.EXE
Failed to access process -> EvtEng.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> LMS.exe
Failed to access process -> svchost.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> SDWSCSvc.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
Failed to access process -> NisSrv.exe
Failed to access process -> taskeng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Failed to access process -> svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
Failed to access process -> SearchIndexer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
Failed to access process -> UNS.exe
Failed to access process -> svchost.exe
Failed to access process -> iviRegMgr.exe
Failed to access process -> svchost.exe
Failed to access process -> sppsvc.exe
Failed to access process -> tvt_reg_monitor_svc.exe
Failed to access process -> VSSVC.exe
Failed to access process -> WMIADAP.exe
Failed to access process -> taskhost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM-x32\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-11-16] (Lenovo Group Limited)
HKLM-x32\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\MountPoints2: {8ed2ed30-bc9e-11e4-a3de-f0def102e1f3} - D:\Setup.exe
HKU\S-1-5-18\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {371793A5-8520-4D3C-8CA5-DD65E2DBC6B4} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2013-04-18] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-11-22] ()
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Hotspot Shield Extension - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\afproxy@anchorfree.com [2014-06-24]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-12]
FF Extension: Classic Toolbar Buttons - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-12]
FF Extension: Pin It Button - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-12-09]
FF Extension: TinEye Reverse Image Search - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\tineye@ideeinc.com.xpi [2014-05-12]
FF Extension: NoScript - C:\Users\MF\AppData\Roaming\Mozilla\Firefox\Profiles\2dgysc46.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-12]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-05-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\MF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-03-05] (Macrovision Europe Ltd.) []
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-30] (WildTangent)
S3 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-08] (Lenovo Group Limited)
S3 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-19 19:22 - 2015-05-23 22:18 - 00000000 ____D () C:\Users\MF\Desktop\SCANS
2015-05-18 18:45 - 2015-05-23 22:18 - 00000000 ____D () C:\FRST
2015-05-17 23:44 - 2015-05-17 23:44 - 00000000 ____D () C:\Program Files\ESET
2015-05-17 23:43 - 2015-05-17 23:43 - 02347384 _____ (ESET) C:\Users\MF\Downloads\esetsmartinstaller_enu.exe
2015-05-17 18:04 - 2015-05-17 18:04 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2015-05-17 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-17 18:03 - 2015-05-17 18:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-16 22:47 - 2015-05-16 22:47 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-05-16 21:41 - 2015-05-16 21:41 - 00000029 _____ () C:\Windows\system32\Drivers\nkbyrnkdaklsys462.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00490072 _____ (Alexander Roshal) C:\Windows\system32\Drivers\ndsvmaheklaiea32r3.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00436260 _____ () C:\Windows\system32\Drivers\rdtvdaslgmmsb32.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00000000 ____D () C:\Program Files\mtg
2015-05-15 04:28 - 2015-05-15 04:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-13 20:05 - 2015-05-13 20:05 - 00039857 _____ () C:\Users\MF\AppData\Local\recently-used.xbel
2015-05-12 20:09 - 2015-05-12 20:10 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-12 20:09 - 2015-05-12 20:09 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-12 19:39 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:36 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-05-12 18:46 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 18:46 - 2015-04-27 12:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 18:46 - 2015-04-27 12:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 18:46 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 18:46 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 18:46 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 18:46 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 18:46 - 2015-04-27 11:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 18:46 - 2015-04-21 07:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 18:46 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 18:46 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:46 - 2015-04-19 19:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:46 - 2015-04-19 19:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:46 - 2015-04-17 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 18:46 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 18:46 - 2015-04-17 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-12 18:46 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-12 18:46 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-12 18:45 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:45 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:45 - 2015-04-12 20:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 18:45 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-12 18:45 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-12 18:45 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-12 18:45 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-12 18:45 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 18:45 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-12 18:45 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-12 18:45 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-12 18:45 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 18:45 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-12 18:45 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-12 18:45 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-12 18:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-12 18:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-12 18:45 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-12 18:45 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-12 18:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-12 18:45 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-12 18:45 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-12 18:45 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-12 18:45 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-12 18:45 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-12 18:45 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 18:45 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 18:45 - 2015-01-27 16:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-12 18:45 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-12 18:45 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-12 18:45 - 2014-11-10 18:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-05-12 18:45 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-12 18:45 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:44 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-12 18:44 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-12 18:44 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-12 18:42 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-12 18:42 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-12 18:42 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-05-12 18:42 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:18 - 2009-07-20 22:30 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 22:16 - 2012-03-13 22:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 22:12 - 2014-05-25 01:00 - 00031216 _____ () C:\Windows\setupact.log
2015-05-23 22:12 - 2012-03-13 22:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 22:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 20:08 - 2012-02-22 19:17 - 01185627 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 15:57 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 15:57 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 02:04 - 2014-06-24 20:55 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Hotspot Shield
2015-05-17 02:34 - 2014-04-26 14:24 - 00000000 ____D () C:\AdwCleaner
2015-05-16 23:45 - 2014-08-26 08:51 - 00003676 _____ () C:\Windows\PFRO.log
2015-05-16 23:21 - 2014-05-14 22:10 - 00000000 ____D () C:\Users\MF\AppData\Roaming\inkscape
2015-05-16 21:43 - 2012-02-27 12:37 - 00000000 ____D () C:\temp
2015-05-16 15:40 - 2014-05-10 22:36 - 00000000 ____D () C:\Users\MF\AppData\Local\Adobe
2015-05-16 15:39 - 2012-03-30 18:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-16 15:39 - 2012-03-13 22:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-15 22:17 - 2014-05-25 13:34 - 00000000 ____D () C:\Users\MF\Documents\MRF - 2a
2015-05-15 20:24 - 2014-08-27 17:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 23:14 - 2015-02-23 23:12 - 00000000 ____D () C:\Users\MF\Documents\My Digital Editions
2015-05-14 16:00 - 2012-02-22 19:23 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-05-14 14:51 - 2014-04-20 17:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 20:09 - 2014-05-27 18:39 - 00000000 ____D () C:\Users\MF\.gimp-2.8
2015-05-13 20:05 - 2014-05-27 18:44 - 00000000 ____D () C:\Users\MF\AppData\Local\gtk-2.0
2015-05-13 15:53 - 2014-08-26 09:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 15:53 - 2014-08-26 09:03 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-13 15:52 - 2009-07-13 21:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-13 00:15 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-13 00:13 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-05-12 23:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-12 20:10 - 2012-03-14 11:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 20:10 - 2009-07-13 21:33 - 00431784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 20:09 - 2014-05-11 00:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-12 20:09 - 2009-07-21 04:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 20:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 19:41 - 2012-02-23 14:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:40 - 2014-08-26 13:09 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-12 19:40 - 2014-08-26 13:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-12 19:40 - 2014-08-26 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-12 19:29 - 2012-03-14 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-30 21:30 - 2014-10-08 00:02 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Orneon
2015-04-30 21:26 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-30 21:13 - 2014-09-29 20:06 - 00000000 ____D () C:\Program Files\WildTangent Games
2015-04-26 14:53 - 2012-02-22 19:15 - 00000000 ____D () C:\swshare

==================== Files in the root of some directories =======

2015-05-13 20:05 - 2015-05-13 20:05 - 0039857 _____ () C:\Users\MF\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================



#4 shelf life

  • Malware Response Team

Posted 24 May 2015 - 07:25 AM

Hi Sun&Sea,

I am shelf life and will try to help you. I am only on this site once or twice per day, more on the weekends. I may not reply back until the next day.

From what you described after running Malwarebytes and ESET, it looks like you took care of the malware. The leftover folders/files that may be associated with the malware install you can upload to jotti and virustotal to check out. Probably harmless leftovers; links below.

The service you're seeing is still there but not running, as you said. We can delete it.

Looks like Core Temp did bundle some goodies: I added the bold.

 

 

Alcpu.com is distributing modified installers which differ from the originals. The modified installers are compliant with the original software manufacturer's policies and terms & conditions. InstallIQ™ is an install manager that will manage the installation of your selected software. In addition to managing the installation of your selected software, InstallIQ™ will make recommendations for additional free software that you may be interested in. Additional software may include toolbars, browser add-ons, game applications, anti-virus applications, and other types of applications. You are not required to install any additional software to receive your selected software. You can completely remove the program at any time in Windows

 

Looks like you're running FRST without admin privileges, hence the "Failed to access process" and no Addition log. Can you run it as an admin account or log in as an admin account? If not, we can try to work around it, but some tasks may present a problem.

 

http://virusscan.jotti.org/en

https://www.virustotal.com/


How Can I Reduce My Risk to Malware?
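
A triage sketch for the leftovers and the stopped service discussed above, added here as an example; it is not part of the original post and not FRST's own code. It parses FRST-format lines copied from the logs in this thread, lists files created within five minutes of the install time the topic starter gave, and flags services whose image file is missing or that reuse a Windows process name outside its usual folder. The date-column order per section and the expected-folder table are assumptions based on how these logs read.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, dirname  # parse Windows paths on any OS

# Install time reported by the topic starter (5/16/15 9:40pm).
INSTALL_TIME = datetime(2015, 5, 16, 21, 40)

# Lines copied from the FRST logs posted in this thread (a small subset).
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]
==================== One Month Created files and folders ========
2015-05-17 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-16 21:41 - 2015-05-16 21:41 - 00000029 _____ () C:\Windows\system32\Drivers\nkbyrnkdaklsys462.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00490072 _____ (Alexander Roshal) C:\Windows\system32\Drivers\ndsvmaheklaiea32r3.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00436260 _____ () C:\Windows\system32\Drivers\rdtvdaslgmmsb32.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00000000 ____D () C:\Program Files\mtg
==================== One Month Modified files and folders ========
2015-05-13 15:53 - 2014-08-26 09:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
FILE_ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S{5}) \((.*?)\) (.+)$")
SERVICE_ROW = re.compile(r"^([RSU])(\d) (.+?); (.+)$")
IMAGE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)", re.I)

# Folders where the log's own signature check found these binaries
# (explorer.exe, winlogon.exe, svchost.exe ...); used as the expected location.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "wininit.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
}


def parse_frst(log):
    """Return (files, services) parsed from FRST.txt text."""
    files, services, section = [], [], ""
    for line in log.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_ROW.match(line)
        if m and section.startswith("One Month"):
            first, second = (datetime.strptime(g, "%Y-%m-%d %H:%M")
                             for g in m.group(1, 2))
            # Assumption: the "Created" section lists created then modified,
            # the "Modified" section lists modified then created.
            created, modified = ((first, second) if "Created" in section
                                 else (second, first))
            files.append({"created": created, "modified": modified,
                          "size": int(m.group(3)), "attrs": m.group(4),
                          "company": m.group(5).strip(), "path": m.group(6)})
            continue
        m = SERVICE_ROW.match(line)
        if m and section.startswith("Services"):
            rest = m.group(4)
            image = IMAGE_PATH.search(rest)
            services.append({"state": m.group(1), "start": int(m.group(2)),
                             "name": m.group(3),
                             "path": image.group(0) if image else None,
                             "missing": "[X]" in rest})  # [X] = file not found
    return files, services


def created_near(files, when, minutes=5):
    """Entries whose creation time is within +/- minutes of `when`."""
    window = timedelta(minutes=minutes)
    return [f for f in files if abs(f["created"] - when) <= window]


def flag_services(services):
    """Map service name -> reasons it deserves a closer look."""
    findings = {}
    for s in services:
        reasons = []
        if s["missing"]:
            reasons.append("image file missing")
        if s["path"]:
            expected = EXPECTED_DIR.get(basename(s["path"]).lower())
            if expected and dirname(s["path"]).lower() != expected:
                reasons.append("system binary name outside " + expected)
        if reasons:
            findings[s["name"]] = reasons
    return findings


if __name__ == "__main__":
    files, services = parse_frst(SAMPLE_LOG)
    for f in created_near(files, INSTALL_TIME):
        print("created near install:", f["path"], "| company:", f["company"] or "(none)")
    for name, reasons in flag_services(services).items():
        print("service:", name, "->", "; ".join(reasons))
```

A missing image file alone only marks an orphaned service entry; the combination with a system process name in the drivers folder is what separates AlaPerformance from the Nero entry here.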


#5 Sun&Sea

  • Topic Starter

Posted 24 May 2015 - 11:35 PM

Hi Shelf Life...thanks for helping!

 

I did see all the extra junk offered by the Core Temp download when I was installing it, and I unchecked all of it upon install, yet I still got stuff. In any case, glad I am getting this all cleaned up. :)

 

I ran the FRST scan from my Admin account and will paste them below, but first I have a few questions.

 

1. How do I delete the service that is showing as stopped but still appears in Task Manager? It is called AlaPerformance in Task Manager, but in the FRST addition.txt report it is showing up as AlaMaintenance (NVACYU~1.exe) and located in my sys32 drivers folder...but I don't see it in there. I actually think that was one of the files that was deleted after ESET fixed things as I remember seeing that file name in my sys32 drivers folder before I ran my virus scans.

 

2. After I ran FRST the first time last week, I noticed a new folder that appeared in my 'Documents' folder titled "Internet Explorer", and inside is some sort of a profiles .dll file.  I have no idea where that came from or why it suddenly appeared (I only use Firefox), but I just scanned it with those two virus scanner sites you linked above and it came up clean. Can I just delete it?

 

3. I ran the three remaining .sys files that seemed to have come from Core Temp download with those two virus scan site links you provided and they all came up with nothing found. Can I just delete them with a right click mouse delete then?

 

Ok, here are the FRST scans from my Admin user account:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Administrator (administrator) on T1 on 24-05-2015 19:06:27
Running from C:\Users\Administrator.T1\Desktop
Loaded Profiles: MF & Administrator (Available Profiles: MF & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-10-01] ()
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-11-16] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2009-11-27] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-15] ()
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\MountPoints2: {8ed2ed30-bc9e-11e4-a3de-f0def102e1f3} - D:\Setup.exe
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\...\Run: [WatchDog] => C:\Users\Administrator.T1\AppData\Local\wd\wd.exe
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\...\Run: [Updater] => C:\Users\Administrator.T1\AppData\Local\Chromatic\Utils\Updater.exe
HKU\S-1-5-18\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {371793A5-8520-4D3C-8CA5-DD65E2DBC6B4} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2013-04-18] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2014-11-22] ()
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-12]
FF Extension: Classic Toolbar Buttons - C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-10]
FF Extension: TinEye Reverse Image Search - C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default\Extensions\tineye@ideeinc.com.xpi [2014-04-20]
FF Extension: Stylish - C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-05-12]
FF Extension: NoScript - C:\Users\Administrator.T1\AppData\Roaming\Mozilla\Firefox\Profiles\dds84wqx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-20]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-05-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-19]
CHR Extension: (Google Drive) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-19]
CHR Extension: (YouTube) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-19]
CHR Extension: (Google Search) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-19]
CHR Extension: (Bookmark Manager) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Gmail) - C:\Users\Administrator.T1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-03-05] (Macrovision Europe Ltd.) []
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-23] (WildTangent)
S3 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-08] (Lenovo Group Limited)
S3 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:06 - 2015-05-24 19:06 - 00018028 _____ () C:\Users\Administrator.T1\Desktop\FRST.txt
2015-05-19 19:22 - 2015-05-24 19:06 - 00000000 ____D () C:\Users\MF\Desktop\SCANS
2015-05-18 18:45 - 2015-05-24 19:06 - 00000000 ____D () C:\FRST
2015-05-18 18:42 - 2015-05-24 19:03 - 01146880 _____ (Farbar) C:\Users\Administrator.T1\Desktop\FRST.exe
2015-05-17 23:44 - 2015-05-17 23:44 - 00000000 ____D () C:\Program Files\ESET
2015-05-17 23:43 - 2015-05-17 23:43 - 02347384 _____ (ESET) C:\Users\MF\Downloads\esetsmartinstaller_enu.exe
2015-05-17 18:04 - 2015-05-17 18:04 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-17 18:04 - 2015-05-17 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2015-05-17 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-17 18:03 - 2015-05-17 18:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-17 18:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-17 17:58 - 2015-05-17 18:01 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Administrator.T1\Downloads\spybot-2.4.exe
2015-05-17 02:47 - 2015-05-17 02:47 - 00000000 ____D () C:\Users\Administrator.T1\Downloads\tdsskiller
2015-05-17 02:33 - 2015-05-17 02:33 - 02209792 _____ () C:\Users\Administrator.T1\Downloads\adwcleaner_4.204.exe
2015-05-16 22:47 - 2015-05-16 22:47 - 00000045 _____ () C:\Windows\system32\initdebug.nfo
2015-05-16 21:41 - 2015-05-16 21:41 - 00000029 _____ () C:\Windows\system32\Drivers\nkbyrnkdaklsys462.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00490072 _____ (Alexander Roshal) C:\Windows\system32\Drivers\ndsvmaheklaiea32r3.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00436260 _____ () C:\Windows\system32\Drivers\rdtvdaslgmmsb32.sys
2015-05-16 21:40 - 2015-05-16 21:40 - 00000000 ____D () C:\Users\Administrator.T1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-16 21:40 - 2015-05-16 21:40 - 00000000 ____D () C:\Program Files\mtg
2015-05-15 04:28 - 2015-05-15 04:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-13 20:05 - 2015-05-13 20:05 - 00039857 _____ () C:\Users\MF\AppData\Local\recently-used.xbel
2015-05-12 20:09 - 2015-05-12 20:10 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-12 20:09 - 2015-05-12 20:09 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-12 19:39 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:36 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-05-12 18:46 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 18:46 - 2015-04-27 12:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 18:46 - 2015-04-27 12:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 18:46 - 2015-04-27 12:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 18:46 - 2015-04-27 12:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 18:46 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 18:46 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 18:46 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 18:46 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 18:46 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 18:46 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 18:46 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 18:46 - 2015-04-27 11:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 14374400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 13771776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 18:46 - 2015-04-21 07:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 18:46 - 2015-04-21 07:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 18:46 - 2015-04-21 07:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 18:46 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:46 - 2015-04-19 19:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:46 - 2015-04-19 19:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:46 - 2015-04-17 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 18:46 - 2015-04-17 19:37 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 18:46 - 2015-04-17 19:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-12 18:46 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-12 18:46 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-12 18:46 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-12 18:46 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-12 18:45 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:45 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:45 - 2015-04-12 20:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 18:45 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-12 18:45 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-12 18:45 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-12 18:45 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-12 18:45 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-12 18:45 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-12 18:45 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 18:45 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-12 18:45 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-12 18:45 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-12 18:45 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-12 18:45 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 18:45 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-12 18:45 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-12 18:45 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-12 18:45 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-12 18:45 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-12 18:45 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-12 18:45 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-12 18:45 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-12 18:45 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-12 18:45 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-12 18:45 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-12 18:45 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-12 18:45 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-12 18:45 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-12 18:45 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-12 18:45 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 18:45 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 18:45 - 2015-01-27 16:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-12 18:45 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-12 18:45 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-12 18:45 - 2014-11-10 18:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-05-12 18:45 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-12 18:45 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-12 18:45 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:44 - 2015-04-07 20:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:44 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-12 18:44 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-12 18:44 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-12 18:42 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-12 18:42 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-12 18:42 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-12 18:42 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-05-12 18:42 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:02 - 2012-03-13 22:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 18:16 - 2012-03-13 22:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 15:55 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 15:55 - 2009-07-13 21:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 15:54 - 2009-07-20 22:30 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 15:50 - 2012-02-22 19:17 - 01213057 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 15:47 - 2014-05-25 01:00 - 00031272 _____ () C:\Windows\setupact.log
2015-05-24 15:47 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 22:43 - 2014-09-29 20:06 - 00000000 ____D () C:\Program Files\WildTangent Games
2015-05-18 02:04 - 2014-06-24 20:55 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Hotspot Shield
2015-05-17 02:34 - 2014-04-26 14:24 - 00000000 ____D () C:\AdwCleaner
2015-05-16 23:45 - 2014-08-26 08:51 - 00003676 _____ () C:\Windows\PFRO.log
2015-05-16 23:21 - 2014-05-14 22:10 - 00000000 ____D () C:\Users\MF\AppData\Roaming\inkscape
2015-05-16 21:43 - 2012-02-27 12:37 - 00000000 ____D () C:\temp
2015-05-16 15:40 - 2014-05-10 22:36 - 00000000 ____D () C:\Users\MF\AppData\Local\Adobe
2015-05-16 15:39 - 2014-08-28 14:42 - 00000000 ____D () C:\Users\Administrator.T1\AppData\Local\Adobe
2015-05-16 15:39 - 2012-03-30 18:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-16 15:39 - 2012-03-13 22:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-15 22:17 - 2014-05-25 13:34 - 00000000 ____D () C:\Users\MF\Documents\MRF - 2a
2015-05-15 20:24 - 2014-08-27 17:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 23:14 - 2015-02-23 23:12 - 00000000 ____D () C:\Users\MF\Documents\My Digital Editions
2015-05-14 16:00 - 2012-02-22 19:23 - 00000452 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-05-14 14:51 - 2014-04-20 17:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 20:09 - 2014-05-27 18:39 - 00000000 ____D () C:\Users\MF\.gimp-2.8
2015-05-13 20:05 - 2014-05-27 18:44 - 00000000 ____D () C:\Users\MF\AppData\Local\gtk-2.0
2015-05-13 15:53 - 2014-08-26 09:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 15:53 - 2014-08-26 09:03 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 15:53 - 2014-08-26 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-13 15:52 - 2009-07-13 21:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-13 00:15 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-13 00:13 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-05-12 23:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-12 20:10 - 2012-03-14 11:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 20:10 - 2009-07-13 21:33 - 00431784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 20:09 - 2014-05-11 00:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-12 20:09 - 2009-07-21 04:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 20:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 19:41 - 2012-02-23 14:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:40 - 2014-08-26 13:09 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-12 19:40 - 2014-08-26 13:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-12 19:40 - 2014-08-26 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-12 19:29 - 2012-03-14 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-30 21:30 - 2014-10-08 00:02 - 00000000 ____D () C:\Users\MF\AppData\Roaming\Orneon
2015-04-30 21:26 - 2009-07-13 21:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-26 14:53 - 2012-02-22 19:15 - 00000000 ____D () C:\swshare

==================== Files in the root of some directories =======

2014-05-04 00:36 - 2014-05-04 00:36 - 0004096 ____H () C:\Users\Administrator.T1\AppData\Local\keyfile3.drm
2014-12-20 04:19 - 2014-12-20 04:19 - 0028664 _____ () C:\Users\Administrator.T1\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\outlooksoclconnector_2010_32.exe
C:\Users\administrator\AppData\Local\Temp\outlook_2010_32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 01:45

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Administrator at 2015-05-24 19:06:48
Running from C:\Users\Administrator.T1\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1113816930-1644768234-1934589812-500 - Administrator - Enabled) => C:\Users\Administrator.T1
Guest (S-1-5-21-1113816930-1644768234-1934589812-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1113816930-1644768234-1934589812-1003 - Limited - Enabled)
MF (S-1-5-21-1113816930-1644768234-1934589812-1004 - Limited - Enabled) => C:\Users\MF
tvsu_tmp_pxlnqDWPZE (S-1-5-21-1113816930-1644768234-1934589812-1007 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Acrobat 9 Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Bejeweled 3 (Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Corel DVD MovieFactory (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Echoes of the Past: Revenge of the Witch (Version: 3.0.2.118 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hotspot Shield 3.42 (HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Hoyle Puzzle Games 2004 (HKLM\...\InstallShield_{12362BED-DF87-40CD-97AB-A6DA564E8B8F}) (Version: 1.00.0000 - Sierra)
Hoyle Puzzle Games 2004 (Version: 1.00.0000 - Sierra) Hidden
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Integrated Camera Driver Installer Package Ver.1.1.0.17 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.17 - RICOH)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.157 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.157 - InterVideo Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 1.28 (HKLM\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.31 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0002.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Motorola Mobile Drivers Installation 5.1.0 (HKLM\...\{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}) (Version: 5.1.0 - Motorola Inc.)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12130 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.01.00 - )
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Princess Isabella: Return of the Curse -- Collector's Edition (Version: 2.2.0.98 - WildTangent) Hidden
RealMYST (HKLM\...\BFG-RealMYST) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Scribus 1.4.4 (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super TextTwist (Version: 2.2.0.97 - WildTangent) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.12 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.10a - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (11/19/2009 11.5.5.0) (HKLM\...\A140D730315E230942517BDDAEC2B1B5FCC45A3F) (Version: 11/19/2009 11.5.5.0 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00833C1E-2FA7-431E-9A9C-0BAA0CC6983F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {0D7265EF-76B4-4050-A031-E8FE9D2FD734} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {16C6CE12-C185-4291-9800-4B247CA5DC99} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
Task: {1CA7C18D-BAD4-4668-89C1-96FEA73D48D2} - System32\Tasks\{85F18DB0-0A6D-452D-96F1-4137E4FA4B9E} => pcalua.exe -a F:\Users\jh\Documents\D_SOFTWARE\Software\Snagit\Setup_SnagItStamps_Smiley_2_ENU.exe -d F:\Users\jh\Documents\D_SOFTWARE\Software\Snagit
Task: {24DCC891-708D-4292-9742-37DB558621DC} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {26E6B8AC-58AB-43A2-ACE6-010142E0B729} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {27037481-6CA9-49C1-9D9F-20E6C6E25CD2} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {2B731F36-E58C-4B2C-8B65-7F98D8D1A94E} - System32\Tasks\AlaMaintenance => C:\Windows\system32\drivers\NVACYU~1.EXE
Task: {2E99BC1C-3BBA-42B9-956B-48A044F0B734} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {38FBFB02-A6E9-4296-AE43-3D5F5C3A91AB} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {3A560EC9-9A68-47CD-A416-3C96CA9569DC} - System32\Tasks\{7673459E-95A2-4482-90FB-E1DF16680760} => pcalua.exe -a F:\Users\jh\Documents\D_SOFTWARE\Software\Snagit\Setup_SnagItStamps_ProofreaderMarks_ENU.exe -d F:\Users\jh\Documents\D_SOFTWARE\Software\Snagit
Task: {4950ADCE-402E-4706-98C0-4F9FBE7A3B7A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4E974DAE-254E-4463-8ABD-F2165EA09E67} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7D411867-F0F5-4866-BA9B-28B50D622886} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
Task: {8DBED3DA-8F87-496E-8133-A69A7D60C8B7} - System32\Tasks\Media_System_Platform => C:\Windows\system32\drivers\KVN398~1.EXE
Task: {8FBA8D78-0B0E-45A1-B5D2-8B9F223C59E8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9877F689-A1C4-491E-874F-903CE84582C6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9A237A10-DA26-4FB1-9D94-7AC54684BCE0} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
Task: {9A88E320-96F7-4D15-B608-EFEA307DF3C2} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-11-26] (Lenovo Group Limited)
Task: {9C60ACDE-A96F-4775-9FF9-DA51F2326DAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A9725601-8284-49A8-ADE3-52676365D473} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ACDE0BEE-75E2-4C91-8BED-F33BDAEEFC52} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {B1106DA3-CA56-442B-A1B3-FA9D5142B578} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {BA2947C3-4DB1-4DEB-9693-AE18C81FA47F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {BD4C8B00-3815-4966-B5CD-9A152DF63852} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {CA13B086-991B-492A-9BC2-C1C565C83598} - System32\Tasks\LaunchCSS => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
Task: {D525DA83-A54F-482A-B708-2F12D250910A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {D9DF9A36-967F-4237-9936-08B53401EE88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {EBF3D05E-F95E-4A11-8AE8-80CA71058E01} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {F24F34D5-5AF1-4A35-887B-0A01527B8B2E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exeK-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-21 18:24 - 2013-10-28 15:48 - 00079648 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-02-23 15:13 - 2012-08-31 15:01 - 00069632 ____N () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2015-05-17 18:03 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-17 18:03 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-17 18:03 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-17 18:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-17 18:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-21 23:15 - 2007-09-02 13:57 - 00069632 ____N () C:\Program Files\RocketDock\RocketDock.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____N () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-22 19:14 - 2009-11-26 11:10 - 00032768 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2014-04-21 23:15 - 2007-09-02 13:58 - 00495616 ____N () C:\Program Files\RocketDock\RocketDock.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:12F3508C
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KASWTSYS69254350238340 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KASWTSYS69254350238340 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1113816930-1644768234-1934589812-500\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator.T1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuoteWerks Web Connector.lnk => C:\Windows\pss\QuoteWerks Web Connector.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Nero MediaHome 4 => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: RocketDock => "C:\Program Files\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [FPS-SpoolSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [CoreNet-GP-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-GP-LSASS-Out-TCP] => (Block) %SystemRoot%\system32\lsass.exe
FirewallRules: [MSDTC-In-TCP-NoScope] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-KTMRM-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP-NoScope] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP-NoScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [NetPres-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{15A5F467-A448-46E1-B8A0-A07F1C859F08}] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{C506181A-5316-4C6B-B434-69E3E6BA02D2}] => (Block) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{5D03B1D3-5564-4538-95BD-071B0257C090}] => (Block) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B779FF1-7E72-41C9-88F5-C22F22519FCF}] => (Block) svchost.exe
FirewallRules: [{1CA60CD0-84F6-45D7-84AD-C96261A1E267}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{949768FF-ED03-49CC-9160-846776CBB55A}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{C6BDE64C-5A5D-47A6-A0CD-10FE7B679244}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [{212E0C5F-65C4-452D-AB51-924D6B263133}] => (Allow) LPort=135
FirewallRules: [{A08D6852-1502-47AE-B80C-9B349695D98A}] => (Block) LPort=135
FirewallRules: [{28B87F3E-75FA-4F0A-9EF6-DF79E13B7C7C}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{7A3996BE-699C-4822-9518-D4D10904AB16}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{2AB134B9-7DE9-4DDF-A57C-BA93A63E82C0}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E95541CA-C838-419F-9646-0357B85E09CB}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{70A59000-5CAA-459B-817C-B0C509C3B0AF}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F00B651F-221D-4550-8515-CC122FAD9D79}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{5F5ACD57-96DC-413A-93E7-8691B364DD85}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E56268FF-CDD0-4289-BBCD-ABB0FF4D3577}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F7BB2E4A-5724-4E8B-B97E-F9D421A75B6D}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{6558C001-E0DE-4F69-B5AA-3F66AE048945}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{2BA03A3B-EB07-4C63-B913-2C0F69602DED}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TCP Query User{09C1A4F8-5FD9-47D3-83D9-C5AE0E5EF84E}C:\program files\microsoft office\office14\excel.exe] => (Allow) C:\program files\microsoft office\office14\excel.exe
FirewallRules: [UDP Query User{0AF0A89E-74B7-4F49-B031-B020DED8228D}C:\program files\microsoft office\office14\excel.exe] => (Allow) C:\program files\microsoft office\office14\excel.exe
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{9D600C31-EDE2-484D-A2A9-64DEDEA1389C}] => (Block) %SystemRoot%\system32\netproj.exe
FirewallRules: [{5675320F-9880-45AA-AD3C-246DA61C9AAF}] => (Block) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{1AC01966-E0A7-410F-B27F-FD1A1339D18E}] => (Block) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
FirewallRules: [{34676D7F-0386-4DC5-BA1C-2EC3E1AE3370}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{520CF8AA-7CEC-4880-85C2-9B7E2D04F70B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96849575-FC80-464C-807C-B65A35D66B31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5E7F76B-A170-4758-BC57-6C536456831E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C8E1C322-1A0B-41F7-997A-1A17E64CF087}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5D20C6D7-44AA-4A8C-A515-D3C148082397}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{2EAE6414-1419-4927-9F0E-1C9935D4C5D6}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Application\chromatic.exe
FirewallRules: [{20EA7594-25C4-4B2E-84AC-586B8247E804}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{ED1A7483-3D80-4AE2-B5C4-1DAB971E8D72}] => (Allow) C:\Users\Administrator.T1\AppData\Local\Chromatic\Utils\Updater.exe
FirewallRules: [{9D282C03-0FD3-4A2E-929F-B4AE403D076B}] => (Allow) C:\Users\Administrator.T1\AppData\Local\wd\wd.exe
FirewallRules: [{D36E68B8-6F61-4D1A-9B3D-5CFD7ECC9694}] => (Allow) C:\Users\Administrator.T1\AppData\Local\wd\wd.exe
FirewallRules: [{D2DBDC6F-96E2-4CE2-BE26-8C0FB4F3BC3A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ThinkPad Modem Adapter
Description: ThinkPad Modem Adapter
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant Systems
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #9
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Integrated Camera
Description: Integrated Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Ricoh
Service: 5U877
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Active Management Technology - SOL (COM4)
Description: Intel® Active Management Technology - SOL
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Serial
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 07:02:24 PM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (05/24/2015 05:42:58 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/24/2015 02:04:40 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (05/24/2015 02:04:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (05/24/2015 02:04:40 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{31b83854-5dc3-11e1-a80d-806e6f6e6963} - 00000138,0x0053c008,00327FE8,0,0032AFF0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (05/24/2015 01:57:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/24/2015 01:54:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).


System errors:
=============
Error: (05/24/2015 03:48:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/24/2015 02:04:40 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/23/2015 10:13:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/23/2015 07:31:33 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/23/2015 04:20:58 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/23/2015 03:51:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/23/2015 00:20:05 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/22/2015 07:43:48 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/22/2015 03:18:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/22/2015 01:51:11 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.


Microsoft Office:
=========================
Error: (05/24/2015 07:02:24 PM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name25900

Error: (05/24/2015 03:47:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name17900

Error: (05/24/2015 05:42:58 AM) (Source: COM) (EventID: 18209) (User: NT AUTHORITY)
Description: machine-defaultLocalC:\Windows\Explorer.EXEUnavailableNT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/24/2015 02:04:40 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/24/2015 02:04:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (05/24/2015 02:04:40 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{31b83854-5dc3-11e1-a80d-806e6f6e6963} - 00000138,0x0053c008,00327FE8,0,0032AFF0,4096,[0])0x80070079, The semaphore timeout period has expired.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (05/24/2015 01:57:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (05/24/2015 01:54:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101


CodeIntegrity Errors:
===================================
  Date: 2014-08-26 08:49:04.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:23:46.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:12:02.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 16:03:47.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 15:40:58.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 15:25:25.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 13:40:31.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 13:39:51.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 09:50:52.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 08:39:19.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3059.67 MB
Available physical RAM: 1536.61 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 4343.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.67 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:100.36 GB) (Free:14.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 93FB875E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Sun&Sea, 24 May 2015 - 11:50 PM.


#6 shelf life

shelf life

  • Malware Response Team

Posted 25 May 2015 - 01:48 PM

Hi,

Thanks for all the info. In answer to the questions:

1) We will use a FRST script to remove the leftover entries.

2) Not sure where that came from. Leave it for now, and once we are all done with FRST we will run another download that will remove all associated FRST files/folders. If it still remains after that, you can manually delete it.

3) If you are sure they were installed with the malware, you can right-click on them > Properties > Details tab and make sure they are not a Microsoft .sys, just as another check anyway before deleting them.

We will use a FRST script. You can copy and paste what's below in the code box into Notepad. Save it to your desktop as fixlist.txt.

Start FRST like before, except this time click on the Fix button once.

You should get a fixlog.txt on your desktop.

In some cases the machine may reboot first.

Post the fixlog.txt in your next reply.

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]
AlternateDataStreams: C:\ProgramData\TEMP:12F3508C
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
Task: {2B731F36-E58C-4B2C-8B65-7F98D8D1A94E} - System32\Tasks\AlaMaintenance => C:\Windows\system32\drivers\NVACYU~1.EXE
C:\Windows\system32\drivers\NVACYU~1.EXE
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exeTask: {7D411867-F0F5-4866-BA9B-28B50D622886} - 
System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program 
Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
EmptyTemp:


How Can I Reduce My Risk to Malware?


#7 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members

Posted 25 May 2015 - 06:33 PM

I checked the properties of the three .sys files and two of them did not have any info other than the type (system files) and the size and date/time stamp. The third one had the name "Alexander Roshal" as the copyright along with the file and product version number, and it is a WinRAR file.

 

One thing I want to add that I am uncertain if it is related to all of this is last night I received two BSOD's within an hour. It is not uncommon to get BSOD's on this laptop unfortunately - I've been getting them about once every 1-2 months or so lately. The last time I received a BSOD was two weeks ago but that one didn't produce a blue screen...computer froze to where I had to pull out battery to shut it down. It always happens when I am watching Netflix, and once when on YouTube. I never can read the blue screen as it goes away too fast, but the ones last night I noticed looked different with a "wall of text" versus separate short paragraphs of info - I caught something about needing to verify my drivers. Perhaps that should go into a new forum for BSOD's but just wanted to mention that it happened again and not sure if the timing is related to this malware or such.

 

Here is the log for the FRST fix:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by Administrator at 2015-05-25 16:08:51 Run:1
Running from C:\Users\Administrator.T1\Desktop
Loaded Profiles: Administrator (Available Profiles: MF & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1113816930-1644768234-1934589812-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-1113816930-1644768234-1934589812-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 AlaPerformance; C:\Windows\system32\drivers\svchost.exe run [X]
S4 NeroMediaHomeService.4; "C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" [X]
AlternateDataStreams: C:\ProgramData\TEMP:12F3508C
AlternateDataStreams: C:\ProgramData\TEMP:F35A93AD
Task: {2B731F36-E58C-4B2C-8B65-7F98D8D1A94E} - System32\Tasks\AlaMaintenance => C:\Windows\system32\drivers\NVACYU~1.EXE
C:\Windows\system32\drivers\NVACYU~1.EXE
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exeTask: {7D411867-F0F5-4866-BA9B-28B50D622886} -
System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program
Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
EmptyTemp:

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1113816930-1644768234-1934589812-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key Removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-1113816930-1644768234-1934589812-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
AlaPerformance => Service Removed successfully.
NeroMediaHomeService.4 => Service Removed successfully.
C:\ProgramData\TEMP => ":12F3508C" ADS Removed successfully..
C:\ProgramData\TEMP => ":F35A93AD" ADS Removed successfully..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B731F36-E58C-4B2C-8B65-7F98D8D1A94E}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B731F36-E58C-4B2C-8B65-7F98D8D1A94E}" => key Removed successfully.
C:\Windows\System32\Tasks\AlaMaintenance => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AlaMaintenance" => key Removed successfully.
"C:\Windows\system32\drivers\NVACYU~1.EXE" => File/Folder not found.
KAPFA => Service Removed successfully.
PCDSRVC{3037D694-FD904ACA-06000000}_0 => Service Removed successfully.
PCDSRVC{C4B36920-79E24793-06000000}_0 => Service Removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exeTask: {7D411867-F0F5-4866-BA9B-28B50D622886} - => key not found.
System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program => Error: No automatic fix found for this entry.
Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.) => Error: No automatic fix found for this entry.
C:\Program Files\PC-Doctor\pcdr5cuiw32.exe => Moved successfully.
EmptyTemp: => Removed 421.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:09:07 ====



#8 shelf life

shelf life

  • Malware Response Team

Posted 25 May 2015 - 08:17 PM

The BSOD is probably a coincidence, I doubt it's malware related. You have a laptop so you should check the computer maker's website for updated drivers. Laptops can use proprietary drivers. Usually they also have good guides, troubleshooting like for BSOD's etc, info and support forums.

 

Are you familiar with Lenovo and the "superfish malware" from a few months ago?

http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

 

https://support.lenovo.com/us/en/products?type=Laptops-and-netbooks&c=1

 

Since you had adware related items you may as well run adwcleaner:

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

 

 


How Can I Reduce My Risk to Malware?


#9 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members

Posted 25 May 2015 - 09:29 PM

Hi Shelf Life,  No I have not heard of the "Superfish Malware", but looking at that link I see it was not on the Lenovo T series. Thanks for the info though!

 

Regarding the BSOD's - I think you are right...just a coincidence. I have tried to troubleshoot using the Lenovo software that came with the computer and also with Windows troubleshooting but haven't found anything wrong. I also have tried to google the BSOD error codes and found conflicting info as to what to do to fix things and I didn't want to mess around with things I wasn't sure about. I'll look more closely into the Lenovo updated drivers though.

 

I ran the adwcleaner and the results showed just a small handful of things, mostly registry keys. But I am not sure what those registry keys are or if they are really needed or not. Let me show you the scan log first before I do a clean...can you tell me if it's safe to clean all of what is showing up?

 

Oh and worth mentioning...I also don't know what the RunAsStdUser Task is all about, but I am fairly certain I gave my user account permission to run a few programs that kept requiring me to log on as Admin. Would that have to do with that? If so should I uncheck it prior to the clean?

 

ADWCLEANER SCAN LOG:

 

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 19:05:40
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Administrator - T1
# Running from : C:\Users\Administrator.T1\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled tasks ] *****

Task Found : RunAsStdUser Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Found : HKLM\SOFTWARE\Trymedia Systems
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17356


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [1899 bytes] - [17/05/2015 02:34:22]
AdwCleaner[R1].txt - [1811 bytes] - [25/05/2015 19:05:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1870 bytes] ##########
 



#10 shelf life

shelf life

  • Malware Response Team

Posted 26 May 2015 - 06:57 PM

I see that in the tasks: RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe

iWinGames also has been known to bundle in garbage addons like toolbars. Looks like you already uninstalled it and the task is just a leftover entry. Is iWinGames in your add/remove programs panel?

I would have adwcleaner clean all those items it found. It targets adware and those entries look like leftovers.

 


How Can I Reduce My Risk to Malware?


#11 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members

Posted 26 May 2015 - 07:58 PM

Nope, iWin games is no longer on my computer so I'll have adw clean that and all of the other stuff too.

 

I may not get to posting my results log until tomorrow...I have lost my internet connection due to a problem with updating an Intel driver (the issues never cease, do they?) so I am on another computer at this time. Hopefully I will get that resolved soon! If not, I'll copy my log to a thumb drive and post it from the other computer that way.

 

Was there going to be one more step with removing all the FRST stuff too?



#12 shelf life

shelf life

  • Malware Response Team

Posted 26 May 2015 - 08:23 PM

Ok, just post back when you can. Having a problem myself. Installed a new video card and can't get it working at its full potential in Linux.

I think we are done with FRST. It removed what it could.


How Can I Reduce My Risk to Malware?


#13 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members

Posted 28 May 2015 - 01:08 AM

I haven't done the adw clean yet as I am still trying to get my wireless driver working again and I was told to use my Lenovo ThinkVantage Tool Box to do some system updates, however, I discovered that the FRST fix removed some essential things I need for my Lenovo ThinkVantage Tool Box. The items are all "PC Doctor" related which is a part of the ThinkVantage program (I did not know that when I reviewed the FRST logs). Is there a way to undo those FRST fixes? I am thinking not, but I wanted to ask. Oh and I can't do a system restore either, which I am also looking into, but won't be able to go back in time to before I ran that fix.



#14 shelf life

shelf life

  • Malware Response Team

Posted 28 May 2015 - 05:35 PM

We can restore those files from quarantine. We will use a FRST script like before. Copy/paste what's below in the code box into Notepad, save it as fixlist.txt on your desktop, start FRST and click the Fix button.

Reboot machine unless FRST does it for you. See how that goes.

RestoreQuarantine:C:\FRST\Quarantine\Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
RestoreQuarantine:C:\FRST\Quarantine\C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

How Can I Reduce My Risk to Malware?


#15 Sun&Sea

Sun&Sea
  • Topic Starter

  • Members

Posted 28 May 2015 - 08:35 PM

That did not work...looks like the path was not found?

 

EDIT TO ADD: I found the file on my computer in the FRST Quarantine folder but it looks like it was renamed to "pcdr5cuiw32.exe.xBAD". Should I rename it again removing the ".xBAD" and manually move it back to the PC Doctor folder in my Program Files?

 

Here is the FixLog report:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by Administrator at 2015-05-28 18:17:19 Run:2
Running from C:\Users\Administrator.T1\Desktop
Loaded Profiles: Administrator (Available Profiles: MF & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
RestoreQuarantine:C:\FRST\Quarantine\Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)
RestoreQuarantine:C:\FRST\Quarantine\C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
*****************

"RestoreQuarantine:C:\FRST\Quarantine\Files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08] (PC-Doctor, Inc.)"=> The path was not found.
"RestoreQuarantine:C:\FRST\Quarantine\C:\Program Files\PC-Doctor\pcdr5cuiw32.exe"=> The path was not found.

==== End of Fixlog 18:17:19 ====


Edited by Sun&Sea, 28 May 2015 - 08:55 PM.




