
Please help with my HijackThis log


36 replies to this topic

#1 tgt987


Posted 03 July 2015 - 04:14 AM

I suspect my laptop has been infected with malware/rootkit. Below is the HijackThis log -

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:39:20, on 03/07/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
 
 
Boot mode: Normal
 
Running processes:
D:\Progs\NetworkIndicator.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
D:\Documents\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Agomo] C:\Program Files (x86)\Agomo\Agomo.exe
O4 - HKLM\..\Run: [Andy] C:\Program Files\Andy\HandyAndy.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [{BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}] cmd.exe /C start /D "C:\Users\admin\AppData\Local\Temp" /B {BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}.exe -accepteula -accepteulaksn -activeimages -postboot
O4 - HKCU\..\Run: [NetworkIndicator] D:\Progs\NetworkIndicator.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\TiongGee\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - Startup: Calendar.lnk = D:\Progs\DesktopCalendar\Calendar.exe
O4 - Startup: Sticky Notes.lnk = D:\Progs\Sticky Notes\StickyNotes.exe
O4 - Startup: Stoic Joker's T-Clock 2010 x64.lnk = D:\Progs\TClock 2010\Clock.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: OpenDNSCrypt.lnk = ?
O4 - Global Startup: Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{42E2292E-E0DF-437C-B814-F3843CBCA4C7}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{46874780-37F6-4749-9960-6A8EC1CE7439}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F1C13B9-D7A3-4542-8AD0-A5F9F0124A25}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4BE9C53-FB7A-4705-8044-830E1329A5CE}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  C:\windows\SysWOW64\nvinit.dll
O23 - Service: Agomo (AgomoService) - Piriform - C:\Program Files (x86)\Agomo\AgomoClient.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: OpenDNSCrypt (DNSCrypt) - Unknown owner - C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
O23 - Service: dnscrypt-proxy - Unknown owner - D:\Progs\DNSCrypt\1.4.1\dnscrypt-proxy.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel® Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (kss) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - Unknown owner - C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 12440 bytes
 



 


#2 nasdaq

  • Malware Response Team

Posted 06 July 2015 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 tgt987

  • Topic Starter


Posted 06 July 2015 - 10:31 AM

Hi Nasdaq, here are the results -

========================================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/07/2015
Scan Time: 14:56
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.06.03
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 570346
Time Elapsed: 26 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

================================================================================

# AdwCleaner v4.207 - Logfile created 06/07/2015 at 15:34:29
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : admin - IDEAPAD
# Running from : D:\Documents\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage-journal
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
Folder Found : \Save
Folder Found : C:\Program Files (x86)\LenovoBrowserGuard
Folder Found : C:\ProgramData\pokki
Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp
Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\admin\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\admin\AppData\Local\pokki
Folder Found : C:\Users\Administrator\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Administrator\AppData\Local\pokki
Folder Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp
Folder Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Folder Found : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\TiongGee\AppData\Local\LenovoBrowserGuard

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Found : HKLM\SOFTWARE\LenovoBrowserGuard
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Pale Moon v

-\\ Google Chrome v43.0.2357.130

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5116 bytes] - [21/12/2014 07:35:41]
AdwCleaner[R1].txt - [4078 bytes] - [06/07/2015 15:34:29]
AdwCleaner[S0].txt - [5064 bytes] - [21/12/2014 07:36:49]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [4196 bytes] ##########

==============================================================================

# AdwCleaner v4.207 - Logfile created 06/07/2015 at 15:53:47
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : admin - IDEAPAD
# Running from : D:\Documents\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : \Save
Folder Deleted : C:\ProgramData\pokki
[x] Not Deleted : C:\Program Files (x86)\LenovoBrowserGuard
[x] Not Deleted : C:\Users\admin\AppData\Local\LenovoBrowserGuard
Folder Deleted : C:\Users\admin\AppData\Local\pokki
[x] Not Deleted : C:\Users\Administrator\AppData\Local\LenovoBrowserGuard
Folder Deleted : C:\Users\Administrator\AppData\Local\pokki
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\LenovoBrowserGuard
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
[x] Not Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage
[x] Not Deleted : C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmocchgkijnbjdjkmlglaemjhhdiobbp_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
[x] Not Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
[x] Not Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Pale Moon v

-\\ Google Chrome v43.0.2357.130

*************************

AdwCleaner[R0].txt - [5116 bytes] - [21/12/2014 07:35:41]
AdwCleaner[R1].txt - [4277 bytes] - [06/07/2015 15:36:13]
AdwCleaner[S0].txt - [5064 bytes] - [21/12/2014 07:36:49]
AdwCleaner[S1].txt - [4182 bytes] - [06/07/2015 15:53:47]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [4241 bytes] ##########

====================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by TGT (ATTENTION: The logged in user is not administrator) on IDEAPAD on 06-07-2015 16:07:14
Running from D:\Documents\Downloads
Loaded Profiles: UpdatusUser & TGT (Available Profiles: UpdatusUser & TGT & admin & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> gzserv.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> DACore.exe
Failed to access process -> svchost.exe
Failed to access process -> OpenDNSCryptService.exe
Failed to access process -> dasHost.exe
Failed to access process -> EMET_Service.exe
Failed to access process -> dnscrypt-proxy.exe
Failed to access process -> conhost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> IpOverUsbSvc.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> kss.exe
Failed to access process -> LenovoWiFiHotspotSvr.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbae64.exe
Failed to access process -> PGService.exe
Failed to access process -> conhost.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> sqlwriter.exe
Failed to access process -> svchost.exe
Failed to access process -> VfConnectorService.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> AgomoClient.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Agent.exe
Failed to access process -> PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> SearchIndexer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
Failed to access process -> GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ITSamples.com) D:\Progs\NetworkIndicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Stoic Joker's Network) D:\Progs\TClock 2010\Clock.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1043_x64__8wekyb3d8bbwe\onenoteim.exe
(Lenovo) C:\Users\TiongGee\AppData\Local\Apps\2.0\730Q7V64.VNY\CDB5N44R.VQY\lsb...tion_91a10ba61c75c82d_0001.0003_e64b99d0aeadb214\LSB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> daemonu.exe
Failed to access process -> wmpnetwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2017560 2015-05-07] (Piriform)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [907144 2015-02-03] ()
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM-x32\...\RunOnce: [{BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}] => cmd.exe /C start /D "C:\Users\admin\AppData\Local\Temp" /B {BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}.exe -accepteula -accepteulaksn -activeimages -postboot
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [NetworkIndicator] => D:\Progs\NetworkIndicator.exe [344064 2014-09-12] (ITSamples.com)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [Google Photos Backup] => C:\Users\TiongGee\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-05-29] (Google, Inc)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\MountPoints2: {876fc2a2-77e6-11e4-826e-f8165431bf9a} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\MountPoints2: {e7153642-3ef4-11e4-8268-f8165431bf9a} - "G:\Setup.exe"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\ANALOG~1.SCR [147456 2012-02-07] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install
LastPass IE RunOnce.lnk [2014-09-11] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-05] ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenDNSCrypt.lnk [2014-10-01] ShortcutTarget: OpenDNSCrypt.lnk -> C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-03-13] ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar.lnk [2014-08-17] ShortcutTarget: Calendar.lnk -> D:\Progs\DesktopCalendar\Calendar.exe (Glenn Delahoy) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2014-08-17] ShortcutTarget: Sticky Notes.lnk -> D:\Progs\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2014-09-10] ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> D:\Progs\TClock 2010\Clock.exe (Stoic Joker's Network) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar.lnk [2014-08-17] ShortcutTarget: Calendar.lnk -> D:\Progs\DesktopCalendar\Calendar.exe (Glenn Delahoy) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2014-08-17] ShortcutTarget: Sticky Notes.lnk -> D:\Progs\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik) Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 
2010 x64.lnk [2014-09-10] ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> D:\Progs\TClock 2010\Clock.exe (Stoic Joker's Network) ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.) ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.) BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-3019814323-1221305904-3904259001-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> {65A44486-7204-4B13-A109-98FB8439CAD0} URL =
SearchScopes: HKU\S-1-5-21-3019814323-1221305904-3904259001-1002 -> {65A44486-7204-4B13-A109-98FB8439CAD0} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-01] (LastPass)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-01] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-01] (LastPass)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-01] (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3019814323-1221305904-3904259001-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42E2292E-E0DF-437C-B814-F3843CBCA4C7}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{42E2292E-E0DF-437C-B814-F3843CBCA4C7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{46874780-37F6-4749-9960-6A8EC1CE7439}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{9F1C13B9-D7A3-4542-8AD0-A5F9F0124A25}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{9F1C13B9-D7A3-4542-8AD0-A5F9F0124A25}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4BE9C53-FB7A-4705-8044-830E1329A5CE}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{B4BE9C53-FB7A-4705-8044-830E1329A5CE}: [DhcpNameServer] 192.168.16.254 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-09-11] (LastPass)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-09-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF user.js: detected! => C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\user.js [2013-06-06]
FF Plugin ProgramFiles/Appdata: C:\Users\TiongGee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TiongGee\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF SearchPlugin: C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\searchplugins\imdb.xml [2010-05-29]
FF Extension: PayPal Wishlist extension - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\jid1-ryeTB1DaJaCaUw@jetpack [2011-12-15]
FF Extension: LastPass - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\support@lastpass.com [2014-08-17]
FF Extension: Flashblock - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-24]
FF Extension: ReminderFox - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-18]
FF Extension: Flash and Video Download - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013-11-23]
FF Extension: Wired-Marker - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2012-05-03]
FF Extension: Disconnect - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\2.0@disconnect.me.xpi [2013-01-18]
FF Extension: Flash Video Downloader - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\artur.dubovoy@gmail.com.xpi [2011-08-16]
FF Extension: Certificate Patrol - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\CertPatrol@PSYC.EU.xpi [2011-07-19]
FF Extension: Ghostery - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\firefox@ghostery.com.xpi [2013-11-23]
FF Extension: Wiktionary and Google Translate - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\googledictionary@toptip.ca.xpi [2011-09-15]
FF Extension: Image Zoom - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-17]
FF Extension: NoScript - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-23]
FF Extension: Adblock Plus - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: BetterPrivacy - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-05-14]
FF Extension: Download Statusbar - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-28]
FF Extension: Tab Mix Plus - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\CertPatrol@PSYC.EU.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\2.0@disconnect.me.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\googledictionary@toptip.ca.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\artur.dubovoy@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\support@lastpass.com [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Analog Clock CE-7) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbfjhfedihcnjjgningomdcmmpgfodn [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-10-23]
CHR Extension: (YouTube) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Adblock Plus) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-08]
CHR Extension: (uBlock Origin) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-02-15]
CHR Extension: (Google Search) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (KeyRocket for Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2014-09-28]
CHR Extension: (Google Calendar) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-08]
CHR Extension: (Video Downloader professional) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-29]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-02-21]
CHR Extension: (Google Sheets) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Click&Clean) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-02-10]
CHR Extension: (Google Calendar (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-09-08]
CHR Extension: (Next Bus London) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod [2014-09-08]
CHR Extension: (ScriptBlock) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-05-31]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-08]
CHR Extension: (Simple Highlighter) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj [2014-09-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-03]
CHR Extension: (Disconnect) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-08]
CHR Extension: (PixelBlock) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpmfcjnflbcoidlgapblgpgbilinlem [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Boomerang for Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-09-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-09-08]
CHR Extension: (Ghostery) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-08]
CHR Extension: (Save to Pocket) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-08]
CHR Extension: (Evernote Web Clipper) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-08]
CHR Extension: (Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR Extension: (Privacy Badger) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2014-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [15089432 2015-05-07] (Piriform)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DNSCrypt; C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [14336 2012-08-03] () [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-05] (Lenovo(beijing) Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2015-06-24] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-21] (Microsoft Corporation) [File not signed]
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-05] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-05-12] (WiseCleaner.com)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
S2 dnscrypt-proxy; D:\Progs\DNSCrypt\1.4.1\dnscrypt-proxy.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-08-19] (Emsisoft GmbH)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-12-26] () <==== ATTENTION (zero byte File/Folder)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R1 BTOWSFF; C:\windows\System32\Drivers\BTOWSFF.sys [33024 2015-03-01] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2015-03-01] (Toolwiz.com)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-08-19] (Emsisoft GmbH)
R1 clrmmc; C:\Windows\system32\drivers\clrmmc.sys [45736 2015-07-04] (Promosoft Software Limited)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-18] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-14] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-14] ()
R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2015-03-01] (Toolwiz.com)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
R3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 WiseFS; C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFs64.sys [10280 2014-03-14] () [File not signed]
S3 WiseHDInfo; C:\windows\WiseHDInfo64.dll [14800 2015-05-24] (wisecleaner.com)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz138; \??\C:\windows\TEMP\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 16:07 - 2015-07-06 16:07 - 00000000 ____D C:\FRST 2015-07-06 16:05 - 2015-07-06 16:05 - 00004323 _____ C:\Users\TiongGee\Documents\AdwCleaner[S1].txt 2015-07-06 16:03 - 2015-07-06 16:03 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys.upd 2015-07-06 15:56 - 2015-07-06 15:56 - 00000254 _____ C:\windows\PFRO.log 2015-07-06 14:55 - 2015-07-06 14:55 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-06 10:32 - 2015-07-06 10:32 - 00002926 _____ C:\Users\TiongGee\Desktop\Tax.lnk 2015-07-06 05:52 - 2015-07-06 05:52 - 00000000 ____D C:\windows\LastGood.Tmp 2015-07-04 13:34 - 2015-07-04 13:34 - 00045736 _____ (Promosoft Software Limited) C:\windows\system32\Drivers\clrmmc.sys 2015-07-04 13:34 - 2015-07-04 13:34 - 00001239 _____ C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log 2015-07-04 13:34 - 2015-07-04 13:34 - 00001025 _____ C:\Users\admin\Desktop\Secure Folders.lnk 2015-07-04 13:34 - 2015-07-04 13:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secure Folders 2015-07-04 13:34 - 2015-07-04 13:34 - 00000000 ____D C:\Program Files (x86)\Secure Folders 2015-07-04 13:33 - 2015-07-04 13:34 - 00002502 _____ C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log 2015-07-04 13:33 - 2015-07-04 13:34 - 00000000 ____D C:\ProgramData\{28D5D3C0-9147-4bb7-B2D0-453118720FE3} 2015-07-04 11:09 - 2015-07-04 11:09 - 00000000 ____D C:\Users\Default\AppData\Local\Tvsukernel 2015-07-04 11:09 - 2015-07-04 11:09 - 00000000 ____D C:\Users\Default User\AppData\Local\Tvsukernel 2015-07-04 11:01 - 2015-07-04 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk 2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System 
Update Search.lnk 2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk 2015-07-04 10:35 - 2015-07-04 10:35 - 00000284 _____ C:\Users\TiongGee\Desktop\Lenovo Service Bridge.appref-ms 2015-07-04 10:32 - 2015-07-04 10:32 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2015-07-02 17:27 - 2015-07-02 17:31 - 00000000 ___RD C:\Users\TiongGee\Desktop\Utils 2015-07-02 08:16 - 2015-07-02 08:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2015-06-27 11:46 - 2015-07-06 15:46 - 00000000 ____D C:\Users\TiongGee\Desktop\Security 2015-06-27 11:22 - 2015-06-27 11:22 - 00000000 ____D C:\Users\TGT 2015-06-26 17:02 - 2015-07-06 15:57 - 00002853 _____ C:\windows\setupact.log 2015-06-26 17:02 - 2015-06-26 17:02 - 00000000 _____ C:\windows\setuperr.log 2015-06-19 07:38 - 2015-06-21 14:49 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk 2015-06-19 07:38 - 2015-06-21 14:49 - 00000000 ____D C:\ProgramData\Skype 2015-06-19 07:38 - 2015-06-21 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-06-19 07:38 - 2015-06-19 07:38 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-18 07:40 - 2015-06-18 07:40 - 00092672 _____ (Microsoft Corporation) C:\Users\admin\Downloads\fdSSDP.dll 2015-06-18 07:40 - 2015-06-18 07:40 - 00023552 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mciwave.dll 2015-06-18 07:35 - 2015-06-18 00:27 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys 2015-06-18 07:02 - 2013-09-28 03:56 - 00285208 _____ (Trend Micro Inc.) 
C:\windows\system32\Drivers\tmcomm.sys 2015-06-10 13:51 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-06-10 13:51 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-06-10 13:51 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-06-10 13:51 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2015-06-10 13:51 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2015-06-10 13:51 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2015-06-10 13:51 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll 2015-06-10 13:51 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll 2015-06-10 13:51 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll 2015-06-10 13:51 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll 2015-06-10 13:51 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll 2015-06-10 13:51 - 2015-04-08 23:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml 2015-06-10 13:51 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll 2015-06-10 13:51 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll 2015-06-10 13:51 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe 2015-06-10 13:51 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll 2015-06-10 13:51 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll 2015-06-10 13:51 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) 
C:\windows\system32\mssvp.dll 2015-06-10 13:51 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll 2015-06-10 13:51 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll 2015-06-10 13:51 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe 2015-06-10 13:51 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll 2015-06-10 13:51 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe 2015-06-10 13:51 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll 2015-06-10 13:51 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll 2015-06-10 13:51 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll 2015-06-10 13:51 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe 2015-06-10 13:51 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll 2015-06-10 13:51 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll 2015-06-10 13:51 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll 2015-06-10 13:51 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll 2015-06-10 13:51 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll 2015-06-10 13:51 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll 2015-06-10 13:50 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-06-10 13:50 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-06-10 13:50 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\vbscript.dll 2015-06-10 13:50 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-06-10 13:50 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-06-10 13:50 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-06-10 13:50 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-06-10 13:50 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-06-10 13:50 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-06-10 13:50 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-06-10 13:50 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2015-06-10 13:50 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2015-06-10 13:50 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-06-10 13:50 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-06-10 13:50 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-06-10 13:50 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-06-10 13:50 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll 2015-06-10 13:50 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-06-10 13:50 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-06-10 13:50 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-06-10 13:50 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) 
C:\windows\system32\iertutil.dll 2015-06-10 13:50 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-06-10 13:50 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-06-10 13:50 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-06-10 13:50 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-06-10 13:50 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-06-10 13:50 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-06-10 13:50 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-06-10 13:50 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2015-06-10 13:50 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-06-10 13:50 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2015-06-10 13:50 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-06-10 13:50 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-06-10 13:50 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-06-10 13:50 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-06-10 13:50 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-06-10 13:50 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-06-10 13:50 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll 2015-06-10 13:50 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 
2015-06-10 13:50 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 16:03 - 2014-10-07 19:04 - 00201184 _____ C:\windows\system32\prfh0404.dat 2015-07-06 16:03 - 2014-10-07 19:04 - 00075018 _____ C:\windows\system32\prfc0404.dat 2015-07-06 16:03 - 2014-10-07 18:45 - 00461882 _____ C:\windows\system32\prfh0804.dat 2015-07-06 16:03 - 2014-10-07 18:45 - 00153602 _____ C:\windows\system32\prfc0804.dat 2015-07-06 16:03 - 2014-03-18 10:53 - 01769548 _____ C:\windows\system32\PerfStringBackup.INI 2015-07-06 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru 2015-07-06 15:58 - 2015-05-31 02:44 - 01670233 _____ C:\windows\WindowsUpdate.log 2015-07-06 15:58 - 2015-05-24 00:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Wise Care 365 2015-07-06 15:58 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness 2015-07-06 15:57 - 2015-05-24 00:27 - 00000438 _____ C:\windows\Tasks\Wise Care 365.job 2015-07-06 15:57 - 2014-09-09 01:12 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-06 15:57 - 2014-08-05 15:16 - 00000000 ____D C:\windows\SysWOW64\NV 2015-07-06 15:57 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-07-06 15:56 - 2014-08-05 16:04 - 00008704 _____ C:\windows\system32\VfService.trf 2015-07-06 15:55 - 2014-09-08 22:14 - 00000000 ____D C:\Users\TiongGee\AppData\Local\CrashDumps 2015-07-06 15:41 - 2014-09-09 01:12 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-06 15:32 - 2014-09-10 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-07-06 14:56 - 2014-09-10 09:50 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-06 14:55 - 2014-09-10 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 
2015-07-06 14:55 - 2014-09-10 10:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-06 12:24 - 2015-02-04 14:10 - 00000000 ____D C:\Program Files (x86)\Agomo 2015-07-06 10:32 - 2014-10-16 12:31 - 00246784 ___SH C:\Users\TiongGee\Desktop\Thumbs.db 2015-07-06 08:17 - 2014-09-10 17:39 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-07-06 07:05 - 2014-09-08 22:38 - 00000401 _____ C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-07-06 07:05 - 2014-08-05 15:14 - 00000000 ___HD C:\Intel 2015-07-06 07:04 - 2014-08-05 15:16 - 00000000 ____D C:\windows\system32\NV 2015-07-06 07:01 - 2010-01-24 22:13 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\foobar2000 2015-07-06 07:00 - 2015-05-24 00:27 - 00000418 _____ C:\windows\Tasks\Wise Turbo Checker.job 2015-07-06 05:44 - 2013-08-22 16:36 - 00000000 ____D C:\windows\security 2015-07-05 06:27 - 2014-09-08 09:54 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Lenovo 2015-07-04 11:07 - 2014-08-05 15:58 - 00000000 ____D C:\ProgramData\Lenovo 2015-07-04 11:01 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2015-07-04 11:01 - 2014-08-05 15:57 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-07-04 11:00 - 2014-08-05 15:57 - 00000000 ____D C:\windows\Downloaded Installations 2015-07-04 10:32 - 2014-09-09 01:11 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Deployment 2015-07-02 08:16 - 2014-09-10 17:39 - 00001034 _____ C:\Users\admin\Desktop\SpeedFan.lnk 2015-07-02 08:16 - 2014-09-10 17:39 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo 2015-07-01 11:55 - 2011-07-01 22:47 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\vlc 2015-06-28 09:26 - 2014-09-09 01:12 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Google 2015-06-27 11:22 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp 2015-06-26 05:41 - 2014-12-24 10:34 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps 2015-06-26 05:40 - 2014-09-09 19:13 - 00000000 
____D C:\Program Files\CCleaner 2015-06-20 17:59 - 2009-12-17 20:58 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\Skype 2015-06-20 04:02 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-06-20 04:02 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-19 07:28 - 2014-09-08 09:45 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Packages 2015-06-18 20:29 - 2014-12-21 03:31 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieBrowserModeList 2015-06-18 20:29 - 2014-09-08 11:38 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieUserList 2015-06-18 20:29 - 2014-09-08 11:38 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieSiteList 2015-06-18 08:42 - 2014-09-10 10:46 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2014-09-10 10:46 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-06-18 08:41 - 2014-09-10 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-06-18 08:14 - 2014-12-21 23:49 - 00000010 _____ C:\Users\admin\AppData\Local\sponge.last.runtime.cache 2015-06-18 08:05 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData 2015-06-18 07:37 - 2014-08-20 06:14 - 00000000 ____D C:\EEK 2015-06-18 07:35 - 2015-05-11 00:17 - 00000766 _____ C:\Users\admin\Desktop\Start Emsisoft Emergency Kit.lnk 2015-06-17 18:51 - 2014-09-10 15:26 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk 2015-06-17 18:51 - 2014-09-10 15:26 - 00000908 _____ C:\Users\Public\Desktop\Pale Moon.lnk 2015-06-17 18:51 - 2014-09-10 15:26 - 00000000 ____D C:\Program Files\Pale Moon 2015-06-12 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache 2015-06-11 00:07 - 2015-05-31 02:43 - 00414696 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-11 00:04 - 2015-04-17 00:18 - 00000000 ____D 
C:\windows\system32\appraiser
2015-06-11 00:04 - 2015-03-14 01:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-11 00:04 - 2014-09-08 12:55 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\zh-HK
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\zh-HK
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\en-GB
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 23:51 - 2014-09-08 12:55 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-07 02:58 - 2014-11-30 14:31 - 00000000 ____D C:\Users\TiongGee\Documents\Visual Studio 2013

==================== Files in the root of some directories =======

2014-09-10 15:32 - 2014-09-11 08:41 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-07-20 03:13 - 2012-03-10 10:58 - 0000167 _____ () C:\Users\TiongGee\AppData\Roaming\Battery Meter_Settings.ini
2011-07-20 03:19 - 2012-03-09 07:48 - 0000352 _____ () C:\Users\TiongGee\AppData\Roaming\Network Meter_Settings.ini
2013-02-25 06:43 - 2013-02-25 06:43 - 0000026 _____ () C:\Users\TiongGee\AppData\Roaming\prio.ini
2010-01-15 09:55 - 2011-08-19 10:35 - 0003694 _____ () C:\Users\TiongGee\AppData\Roaming\wklnhst.dat
2013-07-08 10:49 - 2013-07-08 10:50 - 0008192 _____ () C:\Users\TiongGee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-05 20:31 - 2013-09-30 17:49 - 0007609 _____ () C:\Users\TiongGee\AppData\Local\Resmon.ResmonCfg
2014-12-26 05:38 - 2014-12-26 05:38 - 0220768 _____ () C:\ProgramData\1419568515.bdinstall.bin
2015-02-20 17:52 - 2015-02-20 17:53 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-08-05 15:30 - 2014-08-05 15:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-07 01:14 - 2015-05-07 01:13 - 0019535 _____ () C:\ProgramData\empty.ico
2015-07-04 13:33 - 2015-07-04 13:34 - 0002502 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log
2015-07-04 13:34 - 2015-07-04 13:34 - 0001239 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\admin\AppData\Local\Temp\sfareca00001.dll
C:\Users\admin\AppData\Local\Temp\sfextra.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by TGT at 2015-07-06 16:07:59
Running from D:\Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3019814323-1221305904-3904259001-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3019814323-1221305904-3904259001-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3019814323-1221305904-3904259001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3019814323-1221305904-3904259001-1006 - Limited - Enabled)
TGT (S-1-5-21-3019814323-1221305904-3904259001-1002 - Limited - Enabled) => C:\Users\TiongGee
UpdatusUser (S-1-5-21-3019814323-1221305904-3904259001-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5976 - Piriform) Agomo Installer (x32 Version: 1.0.0.5936 - Piriform) Hidden Analog Clock-7 2.1 (HKLM-x32\...\Analog Clock - 7_is1) (Version: - Style-7) Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc) Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) 
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.) Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) 
Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden DNSCrypt (HKLM-x32\...\{DEF3592F-0751-4632-9875-8BF9AD602898}) (Version: 0.0.6 - OpenDNS) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dragon Assistant Application en-GB version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.) Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.) Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.) Dragon Assistant Language Data en-GB version 1.1.3 (HKLM-x32\...\{CA54E6DD-70F8-4AE5-8427-522A52FC4408}_is1) (Version: 1.1.3 - Nuance Communications, Inc.) EMET 5.1 (HKLM-x32\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Energy Manager (x32 Version: 1.0.0.32 - Lenovo) Hidden Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski) FXCM Trading Station (HKLM-x32\...\FXCM Trading Station) (Version: 111313 - ) FXCM Trading Station (x32 Version: 111313 - FXCM) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) 
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Photos Backup (HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Google Photos Backup) (Version: 1.1.0.219 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.) HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation) Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) 
(Version: 17.0.1 - Intel Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\cbe8636f7dd0cf1d) (Version: 1.3.1.0 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0043 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 4.3 Help Pack (English (United Kingdom)) (HKLM-x32\...\{EC755304-27EB-4F2D-9800-F370DBC374EF}) (Version: 4.3.1.2 - The Document Foundation)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpticalSmartHub (HKLM-x32\...\OpticalSmartHub) (Version: - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Pale Moon 25.5.0 (x64 en-US) (HKLM\...\Pale Moon 25.5.0 (x64 en-US)) (Version: 25.5.0 - Moonchild Productions)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7133 - Realtek Semiconductor Corp.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TunnelBear (HKLM-x32\...\{c8811a2f-f50d-405f-a18e-ca32f0528e73}) (Version: 2.2.27.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.27.0 - TunnelBear) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1467.1 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Wise Care 365 3.63 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.63 - WiseCleaner.com, Inc.)
Wise Folder Hider 2.02 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 2.02 - WiseCleaner.com, Inc.)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job =>
Task: C:\windows\Tasks\Wise Care 365.job =>
Task: C:\windows\Tasks\Wise Turbo Checker.job =>

==================== Loaded Modules (Whitelisted) ==============

2014-12-26 05:37 - 2013-03-19 05:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00166536 _____ () C:\Program Files (x86)\EMET 5.1\HelperLib.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00045192 _____ () C:\Program Files (x86)\EMET 5.1\TrayIconSubsystem.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00045704 _____ () C:\Program Files (x86)\EMET 5.1\TelemetrySubsystem.dll
2014-02-08 11:19 - 2014-02-08 11:19 - 00348160 _____ () C:\Program Files (x86)\EMET 5.1\DevExpress.UserSkins.HighContrast.dll
2014-08-05 15:36 - 2015-03-19 21:02 - 00393480 _____ () C:\windows\system32\igfxTray.exe
2015-06-22 16:43 - 2015-06-20 08:20 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 16:43 - 2015-06-20 08:20 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\TiongGee\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76066639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clrmmc.sys => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76066639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clrmmc.sys => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\Control Panel\Desktop\\Wallpaper -> D:\Reference\Places\Malaysia\Places\Pulau Rawa.png
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "OpenDNSCrypt.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Agomo"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\StartupFolder: => "Calendar.lnk"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\StartupFolder: => "Sticky Notes.lnk"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "appnhost"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D49502D-3207-4B77-845E-9823FC8BE036}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2283A1AB-A3ED-410A-98A9-703C58162C58}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AE65AE59-32D4-49D3-8026-D73F91F8F42A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4B4332BC-D42C-4F4B-B8BF-C671B8DEFD7E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4B5101FF-46D9-4F52-B048-3A9ADE04285D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{6A3235A9-E0EA-4D6D-9F96-2069FC083AA6}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{635290EA-97AC-4F27-AB30-1ED04705A552}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{CB16F438-5DD6-4686-94DC-01B48F2408B3}] => (Allow) LPort=55100
FirewallRules: [{F5FBBC24-C666-4DD5-85B4-888C93E983F0}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{C873A98A-4157-45F6-81A4-8334F0CFF6BF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{D125B809-0CCD-449B-B715-1423C9D99020}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{FB3BC8B7-4862-4319-9477-A5DF5185DA0C}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A8A2E6D2-140F-44E6-A30B-844E2E9C818A}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{1B2622E7-C76B-423D-89EA-E6474EA4845D}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{9BD0E5BE-0631-437D-8B88-8DB543FBFE23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{908C5680-C66B-4BE0-8899-5E4E7F1DD990}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAF60A13-D062-4211-A5A0-0757B6516537}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D031B856-3E63-4E8A-A5B3-95D4069E534E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{472E9EA6-C7CD-4C45-9C38-6B8B43067C4E}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{0647320D-016A-40F3-B870-D58C2E2A00C8}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{62DC66DE-760A-4151-9E44-C9F7635007E6}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{C95537C8-2FA3-4BE8-8DBF-57CA84166037}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{1DC17D84-4832-46DB-B78D-251747F77B66}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{76419E35-EAFC-4569-BA22-941109E74AFB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AE3E97BC-1577-41B4-BBDD-5B0F4FB5A5F5}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{30C32BAD-2518-4582-9B9C-8A3C18F41DCA}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{91C20D11-362E-49BE-BC81-BD49BB1018F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{94098BCC-AD28-4A41-817C-ECC14AA79C97}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BAACB0B2-DE56-468B-AF9D-CFEEBC68C390}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: tClock.dll_unloaded, version: 2.0.1.81, time stamp: 0x4d7d0016
Exception code: 0xc0000005
Fault offset: 0x0000000000010c80
Faulting process ID: 0x9f8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (07/05/2015 06:30:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ideapad)
Description: Product: Nitro PDF Reader -- You are running a 64-bit operating system. Please download the 64-bit Nitro PDF Reader installer from http://www.nitropdf.com/downloads/

Error: (07/05/2015 06:17:09 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/04/2015 03:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x545036ce
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process ID: 0xa498
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report ID: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/04/2015 03:44:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: wwahost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (07/04/2015 11:24:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Gfxv4_0.exe, version: 8.15.10.3907, time stamp: 0x53e0fbbd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffb510ce7c8
Faulting process ID: 0xa70c
Faulting application start time: 0xGfxv4_0.exe0
Faulting application path: Gfxv4_0.exe1
Faulting module path: Gfxv4_0.exe2
Report ID: Gfxv4_0.exe3
Faulting package full name: Gfxv4_0.exe4
Faulting package-relative application ID: Gfxv4_0.exe5

Error: (07/04/2015 11:24:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Gfxv4_0.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at GfxUI.Display.DisplayMainPage.GetProfileData(System.String, igfxDHLib._CUI_PROFILE_DATA ByRef)
   at GfxUI.Display.DisplayMainPage.displayProfileCombo_SelectionChanged(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.Controls.ComboBox.OnSelectionChanged(System.Windows.Controls.SelectionChangedEventArgs)
   at System.Windows.Controls.Primitives.Selector+SelectionChanger.End()
   at System.Windows.Controls.Primitives.Selector+SelectionChanger.SelectJustThisItem(ItemInfo, Boolean)
   at System.Windows.Controls.ComboBoxItem.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
   at System.Windows.Input.InputManager.ProcessStagingArea()
   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at GfxUI.App.Main()

Error: (07/04/2015 06:00:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

System errors:
=============
Error: (07/06/2015 03:57:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dnscrypt-proxy service failed to start due to the following error: %%2

Error: (07/06/2015 03:56:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:56:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:56:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:54:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (07/06/2015 03:53:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/06/2015 03:53:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office:
=========================
Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2tClock.dll_unloaded2.0.1.814d7d0016c00000050000000000010c809f801d0b7b1ac53e6a3C:\windows\Explorer.EXEtClock.dllcbd6d5d4-23ee-11e5-82a3-f8165431bf9a

Error: (07/05/2015 06:30:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ideapad)
Description: Product: Nitro PDF Reader -- You are running a 64-bit operating system. Please download the 64-bit Nitro PDF Reader installer from http://www.nitropdf.com/downloads/(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/05/2015 06:17:09 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/04/2015 03:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.17415545036ceKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9ca49801d0b667d382983fC:\windows\system32\wwahost.exeC:\windows\system32\KERNELBASE.dll2ee5f8f7-225b-11e5-82a2-f8165431bf9aMicrosoft.BingNews_3.0.4.322_x64__8wekyb3d8bbweAppexNews

Error: (07/04/2015 03:44:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: wwahost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (07/04/2015 11:24:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gfxv4_0.exe8.15.10.390753e0fbbdunknown0.0.0.000000000c000000500007ffb510ce7c8a70c01d0b64341e7e40bC:\windows\system32\Gfxv4_0.exeunknownea918e70-2236-11e5-82a2-f8165431bf9a

Error: (07/04/2015 11:24:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Gfxv4_0.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at GfxUI.Display.DisplayMainPage.GetProfileData(System.String, igfxDHLib._CUI_PROFILE_DATA ByRef)
   at GfxUI.Display.DisplayMainPage.displayProfileCombo_SelectionChanged(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.Controls.ComboBox.OnSelectionChanged(System.Windows.Controls.SelectionChangedEventArgs)
   at System.Windows.Controls.Primitives.Selector+SelectionChanger.End()
   at System.Windows.Controls.Primitives.Selector+SelectionChanger.SelectJustThisItem(ItemInfo, Boolean)
   at System.Windows.Controls.ComboBoxItem.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
   at System.Windows.Input.InputManager.ProcessStagingArea()
   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at GfxUI.App.Main()

Error: (07/04/2015 06:00:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

CodeIntegrity Errors:
===================================
Date: 2015-04-18 04:44:03.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-27 00:26:01.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-23 00:08:35.417 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-21 04:20:05.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-20 22:52:55.735 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-10-09 15:49:16.824 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-26 18:16:45.281 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 37%
Total physical RAM: 8115.27 MB
Available physical RAM: 5105.04 MB
Total Virtual: 12719.27 MB
Available Virtual: 8128.21 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:215.37 GB) (Free:127.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (MyStuff) (Fixed) (Total:207.9 GB) (Free:150.33 GB) NTFS
Drive e: (LENOVO) (Fixed) (Total:25 GB) (Free:18.6 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================
======================================================================================

I've just realised I was running FRST as non-admin. If you need to see the admin-run result, please let me know. Thanks

#4 nasdaq

  • Malware Response Team

Posted 06 July 2015 - 12:18 PM

I am unable to read your logs in the current format.

Please save the log with a text editor and make sure that each line has a carriage return.

The same way your HijackThis was submitted.

#5 tgt987

Posted 06 July 2015 - 12:26 PM

Is it ok if I attach them all?

#6 nasdaq

Posted 06 July 2015 - 01:38 PM

If you have to, yes.

#7 tgt987

Posted 06 July 2015 - 01:55 PM

As attached (more to come)

#8 tgt987

Posted 06 July 2015 - 01:57 PM

Seems only allowed 1 file each time...

#9 tgt987

Posted 06 July 2015 - 01:59 PM

mbam...

#10 tgt987

Posted 06 July 2015 - 02:01 PM

frst
frst's addition. That's all

#11 tgt987

Posted 06 July 2015 - 02:03 PM

sorry, frst again

#12 tgt987

Posted 06 July 2015 - 02:07 PM

Attachments don't go through after the first 2 posts! So here are mbam, frst, and addition pasted ...

Edit: looked ok when pasted and even in preview. But not ok after posting. Trying again...

**********************************************************************************
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/07/2015
Scan Time: 14:56
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.06.03
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 570346
Time Elapsed: 26 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
********************************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by TGT (ATTENTION: The logged in user is not administrator) on IDEAPAD on 06-07-2015 16:07:14
Running from D:\Documents\Downloads
Loaded Profiles: UpdatusUser & TGT (Available Profiles: UpdatusUser & TGT & admin & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> gzserv.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> DACore.exe
Failed to access process -> svchost.exe
Failed to access process -> OpenDNSCryptService.exe
Failed to access process -> dasHost.exe
Failed to access process -> EMET_Service.exe
Failed to access process -> dnscrypt-proxy.exe
Failed to access process -> conhost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> HeciServer.exe
Failed to access process -> ibtrksrv.exe
Failed to access process -> IpOverUsbSvc.exe
Failed to access process -> iSCTAgent.exe
Failed to access process -> kss.exe
Failed to access process -> LenovoWiFiHotspotSvr.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbae64.exe
Failed to access process -> PGService.exe
Failed to access process -> conhost.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> sqlwriter.exe
Failed to access process -> svchost.exe
Failed to access process -> VfConnectorService.exe
Failed to access process -> ZeroConfigService.exe
Failed to access process -> AgomoClient.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Agent.exe
Failed to access process -> PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> SearchIndexer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
Failed to access process -> GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ITSamples.com) D:\Progs\NetworkIndicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Stoic Joker's Network) D:\Progs\TClock 2010\Clock.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1043_x64__8wekyb3d8bbwe\onenoteim.exe
(Lenovo) C:\Users\TiongGee\AppData\Local\Apps\2.0\730Q7V64.VNY\CDB5N44R.VQY\lsb...tion_91a10ba61c75c82d_0001.0003_e64b99d0aeadb214\LSB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> daemonu.exe
Failed to access process -> wmpnetwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2017560 2015-05-07] (Piriform)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [907144 2015-02-03] ()
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM-x32\...\RunOnce: [{BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}] => cmd.exe /C start /D "C:\Users\admin\AppData\Local\Temp" /B {BA1BD6D3-C2BE-4E50-AE93-1B0D58DEDBF3}.exe -accepteula -accepteulaksn -activeimages -postboot
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [NetworkIndicator] => D:\Progs\NetworkIndicator.exe [344064 2014-09-12] (ITSamples.com)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Run: [Google Photos Backup] => C:\Users\TiongGee\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-05-29] (Google, Inc)
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\MountPoints2: {876fc2a2-77e6-11e4-826e-f8165431bf9a} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\MountPoints2: {e7153642-3ef4-11e4-8268-f8165431bf9a} - "G:\Setup.exe"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\ANALOG~1.SCR [147456 2012-02-07] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-09-11]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-05]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenDNSCrypt.lnk [2014-10-01]
ShortcutTarget: OpenDNSCrypt.lnk -> C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-03-13]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar.lnk [2014-08-17]
ShortcutTarget: Calendar.lnk -> D:\Progs\DesktopCalendar\Calendar.exe (Glenn Delahoy)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2014-08-17]
ShortcutTarget: Sticky Notes.lnk -> D:\Progs\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2014-09-10]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> D:\Progs\TClock 2010\Clock.exe (Stoic Joker's Network)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar.lnk [2014-08-17]
ShortcutTarget: Calendar.lnk -> D:\Progs\DesktopCalendar\Calendar.exe (Glenn Delahoy)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2014-08-17]
ShortcutTarget: Sticky Notes.lnk -> D:\Progs\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik)
Startup: C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2014-09-10]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> D:\Progs\TClock 2010\Clock.exe (Stoic Joker's Network)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-3019814323-1221305904-3904259001-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> {65A44486-7204-4B13-A109-98FB8439CAD0} URL =
SearchScopes: HKU\S-1-5-21-3019814323-1221305904-3904259001-1002 -> {65A44486-7204-4B13-A109-98FB8439CAD0} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-01] (LastPass)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-01] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-01] (LastPass)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-01] (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3019814323-1221305904-3904259001-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42E2292E-E0DF-437C-B814-F3843CBCA4C7}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{42E2292E-E0DF-437C-B814-F3843CBCA4C7}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{46874780-37F6-4749-9960-6A8EC1CE7439}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{9F1C13B9-D7A3-4542-8AD0-A5F9F0124A25}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{9F1C13B9-D7A3-4542-8AD0-A5F9F0124A25}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B4BE9C53-FB7A-4705-8044-830E1329A5CE}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{B4BE9C53-FB7A-4705-8044-830E1329A5CE}: [DhcpNameServer] 192.168.16.254 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-09-11] (LastPass)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-09-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF user.js: detected! => C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\user.js [2013-06-06]
FF Plugin ProgramFiles/Appdata: C:\Users\TiongGee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TiongGee\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF SearchPlugin: C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\searchplugins\imdb.xml [2010-05-29]
FF Extension: PayPal Wishlist extension - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\jid1-ryeTB1DaJaCaUw@jetpack [2011-12-15]
FF Extension: LastPass - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\support@lastpass.com [2014-08-17]
FF Extension: Flashblock - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-24]
FF Extension: ReminderFox - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-18]
FF Extension: Flash and Video Download - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013-11-23]
FF Extension: Wired-Marker - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2012-05-03]
FF Extension: Disconnect - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\2.0@disconnect.me.xpi [2013-01-18]
FF Extension: Flash Video Downloader - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\artur.dubovoy@gmail.com.xpi [2011-08-16]
FF Extension: Certificate Patrol - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\CertPatrol@PSYC.EU.xpi [2011-07-19]
FF Extension: Ghostery - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\firefox@ghostery.com.xpi [2013-11-23]
FF Extension: Wiktionary and Google Translate - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\googledictionary@toptip.ca.xpi [2011-09-15]
FF Extension: Image Zoom - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-17]
FF Extension: NoScript - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-23]
FF Extension: Adblock Plus - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: BetterPrivacy - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-05-14]
FF Extension: Download Statusbar - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-28]
FF Extension: Tab Mix Plus - C:\Users\TiongGee\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\CertPatrol@PSYC.EU.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\2.0@disconnect.me.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\googledictionary@toptip.ca.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\artur.dubovoy@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [not found]
FF Extension: No Name - C:\Users\TGT\AppData\Roaming\Mozilla\Firefox\Profiles\dskienav.default\extensions\support@lastpass.com [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Analog Clock CE-7) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbfjhfedihcnjjgningomdcmmpgfodn [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-10-23]
CHR Extension: (YouTube) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Adblock Plus) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-08]
CHR Extension: (uBlock Origin) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-02-15]
CHR Extension: (Google Search) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (KeyRocket for Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2014-09-28]
CHR Extension: (Google Calendar) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-08]
CHR Extension: (Video Downloader professional) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-29]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-02-21]
CHR Extension: (Google Sheets) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Click&Clean) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-02-10]
CHR Extension: (Google Calendar (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-09-08]
CHR Extension: (Next Bus London) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod [2014-09-08]
CHR Extension: (ScriptBlock) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-05-31]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-08]
CHR Extension: (Simple Highlighter) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj [2014-09-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-07-03]
CHR Extension: (Disconnect) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-08]
CHR Extension: (PixelBlock) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpmfcjnflbcoidlgapblgpgbilinlem [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Boomerang for Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-09-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-09-08]
CHR Extension: (Ghostery) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-08]
CHR Extension: (Save to Pocket) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-09-08]
CHR Extension: (Evernote Web Clipper) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-08]
CHR Extension: (Gmail) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR Extension: (Privacy Badger) - C:\Users\TiongGee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2014-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [15089432 2015-05-07] (Piriform)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DNSCrypt; C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [14336 2012-08-03] () [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-05] (Lenovo(beijing) Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-08] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-08] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2015-06-24] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-21] (Microsoft Corporation) [File not signed]
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-05] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-05-12] (WiseCleaner.com)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
S2 dnscrypt-proxy; D:\Progs\DNSCrypt\1.4.1\dnscrypt-proxy.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-08-19] (Emsisoft GmbH)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-12-26] () <==== ATTENTION (zero byte File/Folder)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R1 BTOWSFF; C:\windows\System32\Drivers\BTOWSFF.sys [33024 2015-03-01] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2015-03-01] (Toolwiz.com)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-08-19] (Emsisoft GmbH)
R1 clrmmc; C:\Windows\system32\drivers\clrmmc.sys [45736 2015-07-04] (Promosoft Software Limited)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-18] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-14] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-14] ()
R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2015-03-01] (Toolwiz.com)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
R3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 WiseFS; C:\Program Files (x86)\Wise\Wise Folder Hider\WiseFs64.sys [10280 2014-03-14] () [File not signed]
S3 WiseHDInfo; C:\windows\WiseHDInfo64.dll [14800 2015-05-24] (wisecleaner.com)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz138; \??\C:\windows\TEMP\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 16:07 - 2015-07-06 16:07 - 00000000 ____D C:\FRST
2015-07-06 16:05 - 2015-07-06 16:05 - 00004323 _____ C:\Users\TiongGee\Documents\AdwCleaner[S1].txt
2015-07-06 16:03 - 2015-07-06 16:03 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys.upd
2015-07-06 15:56 - 2015-07-06 15:56 - 00000254 _____ C:\windows\PFRO.log
2015-07-06 14:55 - 2015-07-06 14:55 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-06 10:32 - 2015-07-06 10:32 - 00002926 _____ C:\Users\TiongGee\Desktop\Tax.lnk
2015-07-06 05:52 - 2015-07-06 05:52 - 00000000 ____D C:\windows\LastGood.Tmp
2015-07-04 13:34 - 2015-07-04 13:34 - 00045736 _____ (Promosoft Software Limited) C:\windows\system32\Drivers\clrmmc.sys
2015-07-04 13:34 - 2015-07-04 13:34 - 00001239 _____ C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log
2015-07-04 13:34 - 2015-07-04 13:34 - 00001025 _____ C:\Users\admin\Desktop\Secure Folders.lnk
2015-07-04 13:34 - 2015-07-04 13:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secure Folders
2015-07-04 13:34 - 2015-07-04 13:34 - 00000000 ____D C:\Program Files (x86)\Secure Folders
2015-07-04 13:33 - 2015-07-04 13:34 - 00002502 _____ C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log
2015-07-04 13:33 - 2015-07-04 13:34 - 00000000 ____D C:\ProgramData\{28D5D3C0-9147-4bb7-B2D0-453118720FE3}
2015-07-04 11:09 - 2015-07-04 11:09 - 00000000 ____D C:\Users\Default\AppData\Local\Tvsukernel
2015-07-04 11:09 - 2015-07-04 11:09 - 00000000 ____D C:\Users\Default User\AppData\Local\Tvsukernel
2015-07-04 11:01 - 2015-07-04 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-07-04 11:01 - 2013-12-11 18:40 - 00002092 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-07-04 10:35 - 2015-07-04 10:35 - 00000284 _____ C:\Users\TiongGee\Desktop\Lenovo Service Bridge.appref-ms
2015-07-04 10:32 - 2015-07-04 10:32 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-02 17:27 - 2015-07-02 17:31 - 00000000 ___RD C:\Users\TiongGee\Desktop\Utils
2015-07-02 08:16 - 2015-07-02 08:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-06-27 11:46 - 2015-07-06 15:46 - 00000000 ____D C:\Users\TiongGee\Desktop\Security
2015-06-27 11:22 - 2015-06-27 11:22 - 00000000 ____D C:\Users\TGT
2015-06-26 17:02 - 2015-07-06 15:57 - 00002853 _____ C:\windows\setupact.log
2015-06-26 17:02 - 2015-06-26 17:02 - 00000000 _____ C:\windows\setuperr.log
2015-06-19 07:38 - 2015-06-21 14:49 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-19 07:38 - 2015-06-21 14:49 - 00000000 ____D C:\ProgramData\Skype
2015-06-19 07:38 - 2015-06-21 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-19 07:38 - 2015-06-19 07:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-18 07:40 - 2015-06-18 07:40 - 00092672 _____ (Microsoft Corporation) C:\Users\admin\Downloads\fdSSDP.dll
2015-06-18 07:40 - 2015-06-18 07:40 - 00023552 _____ (Microsoft Corporation) C:\Users\admin\Downloads\mciwave.dll
2015-06-18 07:35 - 2015-06-18 00:27 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-06-18 07:02 - 2013-09-28 03:56 - 00285208 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-06-10 13:51 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 13:51 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 13:51 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 13:51 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 13:51 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 13:51 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-10 13:51 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-10 13:51 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-10 13:51 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-10 13:51 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-10 13:51 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-10 13:51 - 2015-04-08 23:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-10 13:51 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-10 13:51 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-10 13:51 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-10 13:51 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-10 13:51 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-10 13:51 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-10 13:51 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-10 13:51 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-10 13:51 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-10 13:51 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-10 13:51 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 13:51 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-10 13:51 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-10 13:51 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-10 13:51 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-10 13:51 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-10 13:51 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-10 13:51 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-10 13:51 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-10 13:51 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-10 13:51 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-10 13:50 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 13:50 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 13:50 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 13:50 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 13:50 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 13:50 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 13:50 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 13:50 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 13:50 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 13:50 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 13:50 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-10 13:50 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-10 13:50 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 13:50 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 13:50 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 13:50 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 13:50 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-10 13:50 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 13:50 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 13:50 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 13:50 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 13:50 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 13:50 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 13:50 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 13:50 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 13:50 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 13:50 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 13:50 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 13:50 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-10 13:50 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 13:50 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-10 13:50 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-10 13:50 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 13:50 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 13:50 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 13:50 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 13:50 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 13:50 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-10 13:50 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 13:50 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 16:03 - 2014-10-07 19:04 - 00201184 _____ C:\windows\system32\prfh0404.dat
2015-07-06 16:03 - 2014-10-07 19:04 - 00075018 _____ C:\windows\system32\prfc0404.dat
2015-07-06 16:03 - 2014-10-07 18:45 - 00461882 _____ C:\windows\system32\prfh0804.dat
2015-07-06 16:03 - 2014-10-07 18:45 - 00153602 _____ C:\windows\system32\prfc0804.dat
2015-07-06 16:03 - 2014-03-18 10:53 - 01769548 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-06 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2015-07-06 15:58 - 2015-05-31 02:44 - 01670233 _____ C:\windows\WindowsUpdate.log
2015-07-06 15:58 - 2015-05-24 00:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Wise Care 365
2015-07-06 15:58 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-06 15:57 - 2015-05-24 00:27 - 00000438 _____ C:\windows\Tasks\Wise Care 365.job
2015-07-06 15:57 - 2014-09-09 01:12 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 15:57 - 2014-08-05 15:16 - 00000000 ____D C:\windows\SysWOW64\NV
2015-07-06 15:57 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-06 15:56 - 2014-08-05 16:04 - 00008704 _____ C:\windows\system32\VfService.trf
2015-07-06 15:55 - 2014-09-08 22:14 - 00000000 ____D C:\Users\TiongGee\AppData\Local\CrashDumps
2015-07-06 15:41 - 2014-09-09 01:12 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 15:32 - 2014-09-10 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-06 14:56 - 2014-09-10 09:50 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 14:55 - 2014-09-10 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-06 14:55 - 2014-09-10 10:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-06 12:24 - 2015-02-04 14:10 - 00000000 ____D C:\Program Files (x86)\Agomo
2015-07-06 10:32 - 2014-10-16 12:31 - 00246784 ___SH C:\Users\TiongGee\Desktop\Thumbs.db
2015-07-06 08:17 - 2014-09-10 17:39 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-06 07:05 - 2014-09-08 22:38 - 00000401 _____ C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-07-06 07:05 - 2014-08-05 15:14 - 00000000 ___HD C:\Intel
2015-07-06 07:04 - 2014-08-05 15:16 - 00000000 ____D C:\windows\system32\NV
2015-07-06 07:01 - 2010-01-24 22:13 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\foobar2000
2015-07-06 07:00 - 2015-05-24 00:27 - 00000418 _____ C:\windows\Tasks\Wise Turbo Checker.job
2015-07-06 05:44 - 2013-08-22 16:36 - 00000000 ____D C:\windows\security
2015-07-05 06:27 - 2014-09-08 09:54 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Lenovo
2015-07-04 11:07 - 2014-08-05 15:58 - 00000000 ____D C:\ProgramData\Lenovo
2015-07-04 11:01 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-07-04 11:01 - 2014-08-05 15:57 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-07-04 11:00 - 2014-08-05 15:57 - 00000000 ____D C:\windows\Downloaded Installations
2015-07-04 10:32 - 2014-09-09 01:11 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Deployment
2015-07-02 08:16 - 2014-09-10 17:39 - 00001034 _____ C:\Users\admin\Desktop\SpeedFan.lnk
2015-07-02 08:16 - 2014-09-10 17:39 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo
2015-07-01 11:55 - 2011-07-01 22:47 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\vlc
2015-06-28 09:26 - 2014-09-09 01:12 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Google
2015-06-27 11:22 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-26 05:41 - 2014-12-24 10:34 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-06-26 05:40 - 2014-09-09 19:13 - 00000000 ____D C:\Program Files\CCleaner
2015-06-20 17:59 - 2009-12-17 20:58 - 00000000 ____D C:\Users\TiongGee\AppData\Roaming\Skype
2015-06-20 04:02 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 04:02 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 07:28 - 2014-09-08 09:45 - 00000000 ____D C:\Users\TiongGee\AppData\Local\Packages
2015-06-18 20:29 - 2014-12-21 03:31 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieBrowserModeList
2015-06-18 20:29 - 2014-09-08 11:38 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieUserList
2015-06-18 20:29 - 2014-09-08 11:38 - 00000000 __SHD C:\Users\TiongGee\AppData\Local\EmieSiteList
2015-06-18 08:42 - 2014-09-10 10:46 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-09-10 10:46 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-18 08:41 - 2014-09-10 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:14 - 2014-12-21 23:49 - 00000010 _____ C:\Users\admin\AppData\Local\sponge.last.runtime.cache
2015-06-18 08:05 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-06-18 07:37 - 2014-08-20 06:14 - 00000000 ____D C:\EEK
2015-06-18 07:35 - 2015-05-11 00:17 - 00000766 _____ C:\Users\admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-17 18:51 - 2014-09-10 15:26 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2015-06-17 18:51 - 2014-09-10 15:26 - 00000908 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2015-06-17 18:51 - 2014-09-10 15:26 - 00000000 ____D C:\Program Files\Pale Moon
2015-06-12 00:17 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2015-06-11 00:07 - 2015-05-31 02:43 - 00414696 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 00:04 - 2015-04-17 00:18 - 00000000 ____D C:\windows\system32\appraiser
2015-06-11 00:04 - 2015-03-14 01:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-11 00:04 - 2014-09-08 12:55 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\zh-HK
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\zh-HK
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\en-GB
2015-06-11 00:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 23:51 - 2014-09-08 12:55 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-07 02:58 - 2014-11-30 14:31 - 00000000 ____D C:\Users\TiongGee\Documents\Visual Studio 2013

==================== Files in the root of some directories =======

2014-09-10 15:32 - 2014-09-11 08:41 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-07-20 03:13 - 2012-03-10 10:58 - 0000167 _____ () C:\Users\TiongGee\AppData\Roaming\Battery Meter_Settings.ini
2011-07-20 03:19 - 2012-03-09 07:48 - 0000352 _____ () C:\Users\TiongGee\AppData\Roaming\Network Meter_Settings.ini
2013-02-25 06:43 - 2013-02-25 06:43 - 0000026 _____ () C:\Users\TiongGee\AppData\Roaming\prio.ini
2010-01-15 09:55 - 2011-08-19 10:35 - 0003694 _____ () C:\Users\TiongGee\AppData\Roaming\wklnhst.dat
2013-07-08 10:49 - 2013-07-08 10:50 - 0008192 _____ () C:\Users\TiongGee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-05 20:31 - 2013-09-30 17:49 - 0007609 _____ () C:\Users\TiongGee\AppData\Local\Resmon.ResmonCfg
2014-12-26 05:38 - 2014-12-26 05:38 - 0220768 _____ () C:\ProgramData\1419568515.bdinstall.bin
2015-02-20 17:52 - 2015-02-20 17:53 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-08-05 15:30 - 2014-08-05 15:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-07 01:14 - 2015-05-07 01:13 - 0019535 _____ () C:\ProgramData\empty.ico
2015-07-04 13:33 - 2015-07-04 13:34 - 0002502 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AB}.log
2015-07-04 13:34 - 2015-07-04 13:34 - 0001239 _____ () C:\ProgramData\{CF93D06A-43BB-4aa4-A4FB-99880124E1AC}.log

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\admin\AppData\Local\Temp\sfareca00001.dll
C:\Users\admin\AppData\Local\Temp\sfextra.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================
**************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by TGT at 2015-07-06 16:07:59
Running from D:\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3019814323-1221305904-3904259001-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3019814323-1221305904-3904259001-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3019814323-1221305904-3904259001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3019814323-1221305904-3904259001-1006 - Limited - Enabled)
TGT (S-1-5-21-3019814323-1221305904-3904259001-1002 - Limited - Enabled) => C:\Users\TiongGee
UpdatusUser (S-1-5-21-3019814323-1221305904-3904259001-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5976 - Piriform)
Agomo Installer (x32 Version: 1.0.0.5936 - Piriform) Hidden
Analog Clock-7 2.1 (HKLM-x32\...\Analog Clock - 7_is1) (Version: - Style-7)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DNSCrypt (HKLM-x32\...\{DEF3592F-0751-4632-9875-8BF9AD602898}) (Version: 0.0.6 - OpenDNS)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Assistant Application en-GB version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-GB version 1.1.3 (HKLM-x32\...\{CA54E6DD-70F8-4AE5-8427-522A52FC4408}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
EMET 5.1 (HKLM-x32\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Energy Manager (x32 Version: 1.0.0.32 - Lenovo) Hidden
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
FXCM Trading Station (HKLM-x32\...\FXCM Trading Station) (Version: 111313 - )
FXCM Trading Station (x32 Version: 111313 - FXCM) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Photos Backup (HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\Google Photos Backup) (Version: 1.1.0.219 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\cbe8636f7dd0cf1d) (Version: 1.3.1.0 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0043 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 4.3 Help Pack (English (United Kingdom)) (HKLM-x32\...\{EC755304-27EB-4F2D-9800-F370DBC374EF}) (Version: 4.3.1.2 - The Document Foundation)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpticalSmartHub (HKLM-x32\...\OpticalSmartHub) (Version: - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Pale Moon 25.5.0 (x64 en-US) (HKLM\...\Pale Moon 25.5.0 (x64 en-US)) (Version: 25.5.0 - Moonchild Productions)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7133 - Realtek Semiconductor Corp.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TunnelBear (HKLM-x32\...\{c8811a2f-f50d-405f-a18e-ca32f0528e73}) (Version: 2.2.27.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.27.0 - TunnelBear) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1467.1 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Wise Care 365 3.63 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.63 - WiseCleaner.com, Inc.)
Wise Folder Hider 2.02 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 2.02 - WiseCleaner.com, Inc.)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job =>
Task: C:\windows\Tasks\Wise Care 365.job =>
Task: C:\windows\Tasks\Wise Turbo Checker.job =>

==================== Loaded Modules (Whitelisted) ==============

2014-12-26 05:37 - 2013-03-19 05:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00166536 _____ () C:\Program Files (x86)\EMET 5.1\HelperLib.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00045192 _____ () C:\Program Files (x86)\EMET 5.1\TrayIconSubsystem.dll
2014-11-09 09:10 - 2014-11-09 09:10 - 00045704 _____ () C:\Program Files (x86)\EMET 5.1\TelemetrySubsystem.dll
2014-02-08 11:19 - 2014-02-08 11:19 - 00348160 _____ () C:\Program Files (x86)\EMET 5.1\DevExpress.UserSkins.HighContrast.dll
2014-08-05 15:36 - 2015-03-19 21:02 - 00393480 _____ () C:\windows\system32\igfxTray.exe
2015-06-22 16:43 - 2015-06-20 08:20 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 16:43 - 2015-06-20 08:20 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\TiongGee\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76066639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clrmmc.sys => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76066639.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clrmmc.sys => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\Control Panel\Desktop\\Wallpaper -> D:\Reference\Places\Malaysia\Places\Pulau Rawa.png
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "OpenDNSCrypt.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Agomo"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\StartupFolder: => "Calendar.lnk"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\StartupFolder: => "Sticky Notes.lnk"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "appnhost"
HKU\S-1-5-21-3019814323-1221305904-3904259001-1002\...\StartupApproved\Run: => "Google Photos Backup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D49502D-3207-4B77-845E-9823FC8BE036}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2283A1AB-A3ED-410A-98A9-703C58162C58}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AE65AE59-32D4-49D3-8026-D73F91F8F42A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4B4332BC-D42C-4F4B-B8BF-C671B8DEFD7E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4B5101FF-46D9-4F52-B048-3A9ADE04285D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{6A3235A9-E0EA-4D6D-9F96-2069FC083AA6}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{635290EA-97AC-4F27-AB30-1ED04705A552}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{CB16F438-5DD6-4686-94DC-01B48F2408B3}] => (Allow) LPort=55100
FirewallRules: [{F5FBBC24-C666-4DD5-85B4-888C93E983F0}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{C873A98A-4157-45F6-81A4-8334F0CFF6BF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{D125B809-0CCD-449B-B715-1423C9D99020}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{FB3BC8B7-4862-4319-9477-A5DF5185DA0C}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A8A2E6D2-140F-44E6-A30B-844E2E9C818A}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{1B2622E7-C76B-423D-89EA-E6474EA4845D}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{9BD0E5BE-0631-437D-8B88-8DB543FBFE23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{908C5680-C66B-4BE0-8899-5E4E7F1DD990}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAF60A13-D062-4211-A5A0-0757B6516537}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D031B856-3E63-4E8A-A5B3-95D4069E534E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{472E9EA6-C7CD-4C45-9C38-6B8B43067C4E}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{0647320D-016A-40F3-B870-D58C2E2A00C8}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{62DC66DE-760A-4151-9E44-C9F7635007E6}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{C95537C8-2FA3-4BE8-8DBF-57CA84166037}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{1DC17D84-4832-46DB-B78D-251747F77B66}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{76419E35-EAFC-4569-BA22-941109E74AFB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{AE3E97BC-1577-41B4-BBDD-5B0F4FB5A5F5}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{30C32BAD-2518-4582-9B9C-8A3C18F41DCA}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{91C20D11-362E-49BE-BC81-BD49BB1018F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{94098BCC-AD28-4A41-817C-ECC14AA79C97}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BAACB0B2-DE56-468B-AF9D-CFEEBC68C390}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: tClock.dll_unloaded, version: 2.0.1.81, time stamp: 0x4d7d0016
Exception code: 0xc0000005
Fault offset: 0x0000000000010c80
Faulting process ID: 0x9f8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (07/05/2015 06:30:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ideapad)
Description: Product: Nitro PDF Reader -- You are running a 64-bit operating system. Please download the 64-bit Nitro PDF Reader installer from http://www.nitropdf.com/downloads/

Error: (07/05/2015 06:17:09 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/04/2015 03:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17415, time stamp: 0x545036ce
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process ID: 0xa498
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report ID: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5

Error: (07/04/2015 03:44:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: wwahost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (07/04/2015 11:24:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Gfxv4_0.exe, version: 8.15.10.3907, time stamp: 0x53e0fbbd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffb510ce7c8
Faulting process ID: 0xa70c
Faulting application start time: 0xGfxv4_0.exe0
Faulting application path: Gfxv4_0.exe1
Faulting module path: Gfxv4_0.exe2
Report ID: Gfxv4_0.exe3
Faulting package full name: Gfxv4_0.exe4
Faulting package-relative application ID: Gfxv4_0.exe5

Error: (07/04/2015 11:24:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Gfxv4_0.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at GfxUI.Display.DisplayMainPage.GetProfileData(System.String, igfxDHLib._CUI_PROFILE_DATA ByRef)
at GfxUI.Display.DisplayMainPage.displayProfileCombo_SelectionChanged(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.Controls.ComboBox.OnSelectionChanged(System.Windows.Controls.SelectionChangedEventArgs)
at System.Windows.Controls.Primitives.Selector+SelectionChanger.End()
at System.Windows.Controls.Primitives.Selector+SelectionChanger.SelectJustThisItem(ItemInfo, Boolean)
at System.Windows.Controls.ComboBoxItem.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at GfxUI.App.Main()

Error: (07/04/2015 06:00:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (07/06/2015 03:57:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dnscrypt-proxy service failed to start due to the following error:
%%2

Error: (07/06/2015 03:56:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:56:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:56:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/06/2015 03:54:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/06/2015 03:53:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/06/2015 03:53:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/06/2015 03:53:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:54:03 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n

Error: (07/06/2015 03:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2tClock.dll_unloaded2.0.1.814d7d0016c00000050000000000010c809f801d0b7b1ac53e6a3C:\windows\Explorer.EXEtClock.dllcbd6d5d4-23ee-11e5-82a3-f8165431bf9a

Error: (07/05/2015 06:30:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: Ideapad)
Description: Product: Nitro PDF Reader -- You are running a 64-bit operating system. Please download the 64-bit Nitro PDF Reader installer from http://www.nitropdf.com/downloads/(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/05/2015 06:17:09 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/04/2015 03:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.17415545036ceKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9ca49801d0b667d382983fC:\windows\system32\wwahost.exeC:\windows\system32\KERNELBASE.dll2ee5f8f7-225b-11e5-82a2-f8165431bf9aMicrosoft.BingNews_3.0.4.322_x64__8wekyb3d8bbweAppexNews

Error: (07/04/2015 03:44:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: wwahost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
Stack:
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (07/04/2015 11:24:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gfxv4_0.exe8.15.10.390753e0fbbdunknown0.0.0.000000000c000000500007ffb510ce7c8a70c01d0b64341e7e40bC:\windows\system32\Gfxv4_0.exeunknownea918e70-2236-11e5-82a2-f8165431bf9a

Error: (07/04/2015 11:24:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Gfxv4_0.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at GfxUI.Display.DisplayMainPage.GetProfileData(System.String, igfxDHLib._CUI_PROFILE_DATA ByRef)
at GfxUI.Display.DisplayMainPage.displayProfileCombo_SelectionChanged(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.Controls.ComboBox.OnSelectionChanged(System.Windows.Controls.SelectionChangedEventArgs)
at System.Windows.Controls.Primitives.Selector+SelectionChanger.End()
at System.Windows.Controls.Primitives.Selector+SelectionChanger.SelectJustThisItem(ItemInfo, Boolean)
at System.Windows.Controls.ComboBoxItem.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at GfxUI.App.Main()

Error: (07/04/2015 06:00:14 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


CodeIntegrity Errors:
===================================
Date: 2015-04-18 04:44:03.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-27 00:26:01.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-23 00:08:35.417
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-21 04:20:05.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-20 22:52:55.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-09 15:49:16.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-26 18:16:45.281
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 37%
Total physical RAM: 8115.27 MB
Available physical RAM: 5105.04 MB
Total Virtual: 12719.27 MB
Available Virtual: 8128.21 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:215.37 GB) (Free:127.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (MyStuff) (Fixed) (Total:207.9 GB) (Free:150.33 GB) NTFS
Drive e: (LENOVO) (Fixed) (Total:25 GB) (Free:18.6 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

Edited by tgt987, 06 July 2015 - 02:11 PM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 AM

Posted 07 July 2015 - 07:17 AM

Ran by TGT (ATTENTION: The logged in user is not administrator) on IDEAPAD on 06-07-2015 16:07:14


Please run the Farbar tool as an administrator.

p.s.
These are the profiles available to you.
Loaded Profiles: UpdatusUser & TGT (Available Profiles: UpdatusUser & TGT & admin & Administrator)

Let me know what problems you are having with this computer.

#14 tgt987

tgt987
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 07 July 2015 - 07:46 AM

Previously, running grc.com Shields Up warned about a malware boot_cpd.b infection, but there was no warning when run a moment ago. Anyway, I attach the FRST log from when it was run as administrator.

Attached Files

  • Attached File  FRST.txt   55.22KB   2 downloads

Edited by tgt987, 07 July 2015 - 07:51 AM.


#15 tgt987

tgt987
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 07 July 2015 - 08:10 AM

Further info:

 

Shields Up says my port 443 is open. But "netstat -ao" does not show the port.





