
Windows 10 Browser PopUps and Fake Severe Computer Issue Warnings


  • This topic is locked
21 replies to this topic

#1 s1vr (Members)

Posted 02 October 2015 - 09:43 AM

Mod Edit: Moved to Malware Logs forum ~~ boopme

Recently purchased Windows 10 Lenovo laptop.
 
A few programs are installed.  The computer boots normally.  When you open the browser, popups start to occur (first one and then many).  Most are warning of infected computers and/or severe computer problems.  They will ask me to call a number for support.  The number is different most of the time and most popups have 1+ misspelled English words.
 
I have already run MalwareBytes AntiRootkit (several issues "fixed") and MalwareBytes AntiMalware (thousands of issues "fixed").  However, although there are significantly fewer popups since cleaning, they still happen.
 
I tried installing alternate browsers (Firefox/Chrome) but they fail to install successfully (unknown error).
 
I ran FRST with Addition and attached the log files.
 
I would greatly appreciate any help you can provide.

Edited by boopme, 02 October 2015 - 10:15 AM.




#2 deeprybka (Malware Response Team)

Posted 02 October 2015 - 10:32 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

(screenshot: MBAR instructions, mbar.PNG)

  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"

regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 s1vr (Topic Starter)

Posted 02 October 2015 - 12:12 PM

I changed all usernames to <username> 

 

Step 1 Log File - AdwCleaner[S1].txt

 

 

# AdwCleaner v5.009 - Logfile created 02/10/2015 at 12:35:57

# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : <username> - LENOVO-PC
# Running from : C:\Users\<username>\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\SysFiles
 
***** [ Files ] *****
 
File Found : C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\8pwrfoev.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : updateTask
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController.1
Key Found : HKLM\SOFTWARE\Classes\AppID\VOTPrx.EXE
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder.1
Key Found : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0B7CB21B-2D13-4315-9E35-69742BF77530}
Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{09CBD86E-22AC-4BFF-A97C-85744B2819AB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{542B7A6A-C8B6-4372-8829-FD8E35FA4CB8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{55AB8477-ED99-431F-ABB3-22022902A934}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{79701C41-C345-47EC-B57C-02C39A698A0D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86937CB9-BDDC-482F-A3B3-E05E3DFDFF08}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BED722AF-1533-4596-964F-B5E1F8A6456E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E94546E8-E2A0-48FE-BC53-568F314EAA7A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
Key Found : HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{007F707C-3F7A-4FBF-9BB1-4C9404211A9C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13B77022-DB7B-4112-9B33-FA1F3F6D04B5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\DownloadAdmin
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\WinPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\DownloadAdmin
Key Found : [x64] HKCU\Software\DAILYPCCLEAN
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\WebBar
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found : HKU\S-1-5-21-1903972719-864860115-318255080-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6626 bytes] ##########
 

 

Step 2 - mbar-log-{date} (xx-xx-xx).txt

I ran mbar after running/rebooting from AdwCleaner.

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org
 
Database version:
  main:    v2015.10.02.05
  rootkit: v2015.09.22.01
 
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
<username> :: LENOVO-PC [administrator]
 
10/2/2015 12:44:55 PM
mbar-log-2015-10-02 (12-44-55).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 360540
Time elapsed: 18 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#4 deeprybka (Malware Response Team)

Posted 02 October 2015 - 12:19 PM

Hi,

regarding step 1:

    # Option : Scan

Please follow the instructions.

regarding step 2:

    I have already run MalwareBytes AntiRootkit (several issues "fixed)

I want you to post that log (if still existing).


regards,
deeprybka

#5 s1vr (Topic Starter)

Posted 03 October 2015 - 07:59 AM

Regarding Step 1:

I completed the entire process you requested but I only provided the S# log (the one you asked for).  I have attached the C# log as well since I think you want that too.  In the future, if you want both logs, please change your instructions to ask for them.  If I am wrong in what you asked for, please let me know.

 

AdwCleaner[C1].txt

 

# AdwCleaner v5.009 - Logfile created 02/10/2015 at 12:38:20

# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : <username> - LENOVO-PC
# Running from : C:\Users\<username>\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\SysFiles
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\8pwrfoev.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : updateTask
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VOTPrx.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0B7CB21B-2D13-4315-9E35-69742BF77530}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09CBD86E-22AC-4BFF-A97C-85744B2819AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{542B7A6A-C8B6-4372-8829-FD8E35FA4CB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{55AB8477-ED99-431F-ABB3-22022902A934}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79701C41-C345-47EC-B57C-02C39A698A0D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86937CB9-BDDC-482F-A3B3-E05E3DFDFF08}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BED722AF-1533-4596-964F-B5E1F8A6456E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E94546E8-E2A0-48FE-BC53-568F314EAA7A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{007F707C-3F7A-4FBF-9BB1-4C9404211A9C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13B77022-DB7B-4112-9B33-FA1F3F6D04B5}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0394AE51-F76F-4FBF-848D-CF9407CE868F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{058281DD-014E-4E81-A5D3-9E14A1EBC8B7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AB1CA27-FA6E-434B-8433-612346BBDD3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34A729EE-F357-4A94-9243-D33E50A504A7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{420A2140-FB38-4984-B681-2A0217483077}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46A200C2-2B44-4C47-8EA9-5DB33859BC7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47F18772-002C-4A49-AA12-EE88297CCDD0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C567C55-75EF-4000-B36F-FF562D4204C1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78AC0B67-463E-4702-A7B1-CFB4C33B3D56}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95980124-E89B-48C2-BA92-DF835F62ABFB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA33003C-AB62-428E-B24E-59933BE52393}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D22566FE-4D97-4D5D-968B-0E79353F22E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0C53D54-F8AF-4156-8D66-420036A79A28}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\DownloadAdmin
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\WinPrograms
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\DownloadAdmin
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[!] Data Not Restored : HKU\S-1-5-21-1903972719-864860115-318255080-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7148 bytes] ##########
 

 

Regarding Step 2: 

I do not have the original log.
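The AdwCleaner procedure from post #2 produces a scan log ([S#]) and a cleaning log ([C#]), and the C1 log above contains several "[!] Key Not Deleted" and "Data Not Restored" lines. The following is an added example, not part of this thread and not an AdwCleaner feature: a small Python reconciler that parses both logs, normalizes the targets, and sorts every scan finding into "cleaned", "leftover" (an action was attempted and failed) or "unaccounted" (no action logged at all). The normalization rests on three facts about the logs: the scan log appends " - <current value>" to Data entries while the cleaning log does not; HKU\<SID> for the logged-on user (the SID is taken from the posted log) is the same hive as HKCU; and WOW64 registry redirection only applies under HKLM\SOFTWARE and HKCU\Software\Classes, so "[x64] HKCU\Software\DownloadAdmin" and "HKCU\Software\DownloadAdmin" are one physical key that AdwCleaner lists twice. The sample lines are copied from the two logs above, trimmed to a few entries, plus one constructed key (HKLM\SOFTWARE\Constructed\LeftoverExample) that does not exist on this machine and is there only to exercise the leftover path.

```python
"""Reconcile an AdwCleaner v5 scan log ([S#]) against its cleaning log ([C#]).

Added example, not an AdwCleaner feature. Sample lines are taken from the logs
posted in this thread; the HKLM\SOFTWARE\Constructed\LeftoverExample entry is
constructed for the example only.
"""
import re

# SID of the logged-on user, taken from the HKU\... lines in the posted logs.
USER_SID = "S-1-5-21-1903972719-864860115-318255080-1001"

# Scan log:  "Key Found : <target>"
# Clean log: "[-] Key Deleted : <target>"   or   "[!] Key Not Deleted : <target>"
KINDS = r"Folder|File|Shortcut|Task|Key|Value|Data"
SCAN_RE = re.compile(rf"^(?P<kind>{KINDS}) Found : (?P<target>.+)$")
CLEAN_RE = re.compile(
    rf"^\[(?P<flag>[-!])\] (?P<kind>{KINDS}) "
    r"(?P<verb>(?:Not )?(?:Deleted|Restored)) : (?P<target>.+)$"
)


def parse_scan(text):
    """Return [(kind, target), ...] for every '... Found :' line of a scan log."""
    out = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("target")))
    return out


def parse_clean(text):
    """Return [(kind, target, succeeded), ...] for every action line of a cleaning log."""
    out = []
    for line in text.splitlines():
        m = CLEAN_RE.match(line.strip())
        if m:
            ok = m.group("flag") == "-" and not m.group("verb").startswith("Not ")
            out.append((m.group("kind"), m.group("target"), ok))
    return out


def canonical(kind, target, user_sid=USER_SID):
    """Normalize a log target so that entries naming the same object compare equal."""
    view64 = target.startswith("[x64] ")
    path = target[len("[x64] "):] if view64 else target
    # HKU\<SID of the logged-on user>\... is the HKCU hive.
    hku = f"HKU\\{user_sid}\\"
    if path.upper().startswith(hku.upper()):
        path = "HKCU\\" + path[len(hku):]
    # The scan log appends " - <current value>" to Data entries; the clean log does not.
    if kind == "Data":
        path = path.split(" - ", 1)[0]
    path = path.upper()  # registry paths are case-insensitive
    # WOW64 redirects HKLM\SOFTWARE and HKCU\Software\Classes: there the [x64] and
    # 32-bit views are distinct keys and must stay distinct. Elsewhere both views
    # name one physical key, so the prefix is dropped.
    redirected = path.startswith(("HKLM\\SOFTWARE\\", "HKCU\\SOFTWARE\\CLASSES\\"))
    return ("[X64] " + path) if (view64 and redirected) else path


def reconcile(scan_text, clean_text):
    """Sort scan findings into leftover / unaccounted and flag failures that are duplicates."""
    found = parse_scan(scan_text)
    actions = parse_clean(clean_text)
    succeeded = {canonical(k, t) for k, t, ok in actions if ok}
    attempted = {canonical(k, t) for k, t, ok in actions}
    report = {"leftover": [], "duplicate_failures": [], "unaccounted": []}
    for kind, target in found:
        c = canonical(kind, target)
        if c in succeeded:
            continue
        bucket = "leftover" if c in attempted else "unaccounted"
        if target not in report[bucket]:
            report[bucket].append(target)
    # A failed action whose canonical target was also removed successfully is the
    # second attempt on an entry AdwCleaner listed twice, not a survivor.
    for kind, target, ok in actions:
        if not ok and canonical(kind, target) in succeeded:
            report["duplicate_failures"].append(target)
    return report


# Sample input: lines from the S1/C1 logs posted above plus one constructed entry.
SCAN_LOG = r"""
# AdwCleaner v5.009 - Logfile created 02/10/2015 at 12:35:57
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\SysFiles
***** [ Scheduled tasks ] *****
Task Found : updateTask
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Found : HKCU\Software\DownloadAdmin
Key Found : [x64] HKCU\Software\DownloadAdmin
Key Found : HKLM\SOFTWARE\Constructed\LeftoverExample
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found : HKU\S-1-5-21-1903972719-864860115-318255080-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
"""

CLEAN_LOG = r"""
# Option : Cleaning
[-] Folder Deleted : C:\Program Files (x86)\SysFiles
[-] Task Deleted : updateTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\DownloadAdmin
[!] Key Not Deleted : [x64] HKCU\Software\DownloadAdmin
[!] Key Not Deleted : HKLM\SOFTWARE\Constructed\LeftoverExample
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[!] Data Not Restored : HKU\S-1-5-21-1903972719-864860115-318255080-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
"""

if __name__ == "__main__":
    for bucket, items in reconcile(SCAN_LOG, CLEAN_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the sample, only the constructed key lands in "leftover"; the three "[!]" lines copied from the C1 log all land in "duplicate_failures", because each is the second attempt on an object already removed under its other name (the TypeLib key is listed twice in the scan, HKCU\Software is not a redirected path, and HKU\<SID> is the same hive as HKCU). The "leftover" bucket is the one worth a manual look or a second AdwCleaner pass; "unaccounted" catches findings the cleaning run never logged an action for, which usually means the clean was interrupted.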



#6 deeprybka (Malware Response Team)

Posted 03 October 2015 - 08:18 AM

    I do not have the original log.

OK,
here are the next steps for you:

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, while it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of the EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
(screenshot: numbered HitmanPro steps, hitman.gif)


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (screenshot: scan settings, settings.png)
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created (screenshot of the log path: logpath.png).
    Copy and paste the content of this log file in your next reply.
(screenshot: ESET Online Scanner steps, eset.gif)

Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#7 s1vr (Topic Starter)

Posted 03 October 2015 - 02:25 PM

Step 1:

On this first step, I screwed up.  I ran the scan but didn't notice the "Save log" option (yes, I know you provided the screenshots *sadface*) on the bottom of the scan results table.  I accidentally clicked "Next" and started the cleaning.   There were lots of "issues."  I tried to stop it but I don't think I stopped it in time.  Sorry about that!  I ran the scan again and here is the log file.  

 

HitmanPro 3.7.9.246
www.hitmanpro.com
 
   Computer name . . . . : LENOVO-PC
   Windows . . . . . . . : 10.0.0.10240.X64/4
   User name . . . . . . : Lenovo-PC\<username>
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2015-10-03 10:57:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 0s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 7
 
   Objects scanned . . . : 1,500,865
   Files scanned . . . . : 27,881
   Remnants scanned  . . : 505,011 files / 967,973 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\<username>\Desktop\FRST64.exe
      Size . . . . . . . : 2,192,384 bytes
      Age  . . . . . . . : 3.5 days (2015-09-29 22:47:36)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 426003C52317CD4C46B8D5C8C6961964B9DDD1AA4659AB26D90AD37A485C9B5F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\90\32389C45AB10C906.dat
         -1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\90\
         -1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\06908432CF759017DCF91096407A7326
          0.0s C:\Users\<username>\Desktop\FRST64.exe
          0.0s C:\Users\<username>\Desktop\McAfeeStingerPortable_12.1.0.1724_English_online.paf.exe
          0.0s C:\Users\<username>\Desktop\zoek.exe
          5.1s C:\Users\<username>\Desktop\FirefoxPortable_41.0_English.paf.exe
         21.2s C:\Users\<username>\Desktop\FirefoxPortable\
         21.2s C:\Users\<username>\Desktop\FirefoxPortable\App\
         21.2s C:\Users\<username>\Desktop\FirefoxPortable\FirefoxPortable.exe
         21.2s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\help.html
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\readme.txt
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\appicon.ico
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\appicon_128.png
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\appicon_16.png
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\appicon_32.png
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\appinfo.ini
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\AppInfo\installer.ini
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Bin\
         21.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Bin\sqlite3.exe
         21.5s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\plugins\
         21.5s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\plugins\plugins_readme.txt
         21.5s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\profile\
         21.5s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\profile\bookmarks.html
         21.5s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\
         21.6s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\profile\prefs.js
         21.6s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\settings\
         21.6s C:\Users\<username>\Desktop\FirefoxPortable\App\DefaultData\settings\FirefoxPortableSettings.ini
         21.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\AccessibleMarshal.dll
         21.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\D3DCompiler_43.dll
         21.8s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\application.ini
         21.8s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\breakpadinjector.dll
         21.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\crashreporter.exe
         22.0s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\crashreporter.ini
         22.0s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\d3dcompiler_47.dll
         22.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\dependentlibs.list
         22.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\firefox.exe
         22.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\freebl3.chk
         22.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\freebl3.dll
         22.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\icudt52.dll
         23.1s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\icuin52.dll
         23.1s C:\Windows\Prefetch\FIREFOXPORTABLE_41.0_ENGLISH.-F5907E98.pf
         23.3s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\icuuc52.dll
         23.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\libEGL.dll
         23.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\libGLESv2.dll
         23.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\maintenanceservice.exe
         23.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\maintenanceservice_installer.exe
         23.8s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\mozglue.dll
         23.8s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\msvcp120.dll
         23.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\msvcr120.dll
         24.0s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\nss3.dll
         24.2s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\nssckbi.dll
         24.3s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\nssdbm3.chk
         24.3s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\nssdbm3.dll
         24.3s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\omni.ja
         26.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\platform.ini
         26.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\plugin-container.exe
         26.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\plugin-hang-ui.exe
         26.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\precomplete
         26.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\removed-files
         26.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\sandboxbroker.dll
         26.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\softokn3.chk
         26.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\softokn3.dll
         26.7s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\update-settings.ini
         26.7s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\updater.exe
         26.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\updater.ini
         26.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\voucher.bin
         27.0s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\webapp-uninstaller.exe
         27.1s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\webapprt-stub.exe
         27.2s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\wow_helper.exe
         27.3s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\xul.dll
         30.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\
         30.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\blocklist.xml
         30.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\chrome.manifest
         30.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\crashreporter-override.ini
         30.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\omni.ja
         32.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\components\
         32.4s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\components\browsercomps.dll
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\components\components.manifest
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\chrome.manifest
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\extensions\
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\defaults\pref\
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\defaults\pref\channel-prefs.js
         32.5s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\defaults\
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\dictionaries\
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\dictionaries\en-US.aff
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\dictionaries\en-US.dic
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\gmp-clearkey\
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\gmp-clearkey\0.1\
         32.6s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\gmp-clearkey\0.1\clearkey.dll
         32.7s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\gmp-clearkey\0.1\clearkey.info
         32.7s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\uninstall\
         32.7s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\uninstall\helper.exe
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\webapprt\
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\webapprt\omni.ja
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\App\Firefox\webapprt\webapprt.ini
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\donation_button.png
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\favicon.ico
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\help_background_footer.png
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\help_background_header.png
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Help\images\help_logo_top.png
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\AppSource.txt
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\CheckForPlatformSplashDisable.nsh
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\FirefoxPortable.ini
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\FirefoxPortable.jpg
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\FirefoxPortableU.nsi
         32.9s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\License.txt
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_ARABIC.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_CZECH.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_DUTCH.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_ENGLISH.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_ENGLISHGB.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_FRENCH.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_GERMAN.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_HUNGARIAN.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_ITALIAN.nsh
         33.0s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_JAPANESE.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_KOREAN.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_POLISH.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_PORTUGUESE.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_PORTUGUESEBR.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_RUSSIAN.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_SIMPCHINESE.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_SPANISH.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_SPANISHINTERNATIONAL.nsh
         33.1s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comLauncherLANG_TRADCHINESE.nsh
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\ReadINIStrWithDefault.nsh
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\Readme.txt
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\ReplaceInFileWithTextReplace.nsh
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\SetFileAttributesDirectoryNormal.nsh
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\
         33.2s C:\Users\<username>\Desktop\FirefoxPortable\Other\Source\PortableApps.comInstallerCustom.nsh
         39.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\plugins\
         39.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\
         39.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\settings\
         39.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\plugins\plugins_readme.txt
         39.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\bookmarks.html
         39.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\settings\FirefoxPortableSettings.ini
         40.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\parent.lock
         40.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\crashes\
         40.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\minidumps\
         40.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\compatibility.ini
         40.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\crashes\events\
         40.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\startupCache\
         40.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cache2\
         40.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cache2\doomed\
         40.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cache2\entries\
         40.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\blocklist.xml
         40.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\secmod.db
         40.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cert8.db
         40.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\key3.db
         40.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\extensions.ini
         40.5s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\gmp\
         41.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\permissions.sqlite
         41.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\places.sqlite
         41.7s C:\Windows\Prefetch\FIREFOX.EXE-21E48777.pf
         41.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\webapps\
         42.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\revocations.txt
         42.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\pluginreg.dat
         42.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\content-prefs.sqlite
         42.9s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\webapps\webapps.json
         43.0s C:\Users\<username>\AppData\Local\Temp\mozilla-temp-files\
         43.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\thumbnails\
         43.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\bookmarkbackups\
         43.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\extensions.json
         43.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\addons.json
         44.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cookies.sqlite
         44.7s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20150929.224821.513.1.etl
         44.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\mimeTypes.rdf
         45.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\webappsstore.sqlite
         45.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\
         45.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\
         45.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\chrome\
         45.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\chrome\.metadata
         45.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\chrome\idb\
         45.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\chrome\idb\2918063365piupsah.sqlite
         45.5s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\frequencyCap.json
         45.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\search.json
         46.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\chrome\idb\2918063365piupsah.files\
         46.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\times.json
         46.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\moz-safe-about+home\
         46.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\moz-safe-about+home\.metadata
         46.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\moz-safe-about+home\idb\
         46.3s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite
         46.6s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\
         46.7s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\sessionstore-backups\
         49.5s C:\Windows\Prefetch\FIREFOXPORTABLE.EXE-73FCD388.pf
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-malware-simple.cache
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-malware-simple.pset
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-malware-simple.sbstore
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-phish-simple.cache
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-phish-simple.pset
         50.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-phish-simple.sbstore
         50.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-unwanted-simple.cache
         50.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-unwanted-simple.pset
         50.1s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\safebrowsing\test-unwanted-simple.sbstore
         52.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\45\
         52.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\45\09A28E5EBD38AE95.dat
         60.8s C:\Windows\Prefetch\MCAFEESTINGERPORTABLE_12.1.0.-ADC3390B.pf
         74.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\prefs.js
         92.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\formhistory.sqlite
         92.9s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\healthreport\
         92.9s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\datareporting\
         93.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\datareporting\state.json
         93.0s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\healthreport.sqlite
         97.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\sessionstore.js
         97.2s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\sessionCheckpoints.json
         97.4s C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ae10ff46a2f703a.customDestinations-ms
         97.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\SiteSecurityServiceState.txt
         97.4s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\xulstore.json
         97.6s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\crashes\store.json.mozlz4
         97.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\cache2\entries\CCA03667615FA626FB5715504ECE75EC7E846388
         97.8s C:\Users\<username>\Desktop\FirefoxPortable\Data\profile\startupCache\startupCache.4.little
         119.8s C:\Users\<username>\Desktop\FRST.txt
         121.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\9DEF389AA9F2572E50842AC304F33557
         121.3s C:\Windows\Prefetch\FRST64.EXE-828D4049.pf
 
   C:\Windows\SysWOW64\dnsapi.dll
      Size . . . . . . . : 534,064 bytes
      Age  . . . . . . . : 85.2 days (2015-07-10 07:00:30)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 19254AC6E8B874E330BF832151AC871FB1029AC5E2AF060749192C00AD7CF877
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : DNS Client API DLL
      Version  . . . . . : 10.0.10240.16384
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 24.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
 
 
 

Edited by s1vr, 03 October 2015 - 02:26 PM.


#8 s1vr

s1vr
  • Topic Starter

  • Members
  • 12 posts

Posted 03 October 2015 - 02:27 PM

Step 2:

 

ESETSmartInstaller@High as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=init
# utc_time=2015-10-03 02:31:20
# local_time=2015-10-03 10:31:20 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26063
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=updated
# utc_time=2015-10-03 02:59:29
# local_time=2015-10-03 10:59:29 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# engine=26063
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-03 04:53:16
# local_time=2015-10-03 12:53:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 6443608 0 0
# scanned=105486
# found=0
# cleaned=0
# scan_time=6826
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=init
# utc_time=2015-10-03 04:54:16
# local_time=2015-10-03 12:54:16 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 26063
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=updated
# utc_time=2015-10-03 04:54:33
# local_time=2015-10-03 12:54:33 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# engine=26063
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-03 05:48:37
# local_time=2015-10-03 01:48:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 6446929 0 0
# scanned=197575
# found=0
# cleaned=0
# scan_time=3243
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=init
# utc_time=2015-10-03 05:49:40
# local_time=2015-10-03 01:49:40 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 26063
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# end=updated
# utc_time=2015-10-03 05:49:58
# local_time=2015-10-03 01:49:58 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d1a1f869b4da9a448d571eb2ce2998dc
# engine=26063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-03 06:51:43
# local_time=2015-10-03 02:51:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 6450715 0 0
# scanned=334924
# found=6
# cleaned=0
# scan_time=3704
sh=01555D8BD26190807CA6E8B0B9EC9DDFA37A77B9 ft=1 fh=f6a9b1021a3dbf08 vn="a variant of MSIL/Adware.PullUpdate.J.gen application" ac=I fn="C:\zoek_backup\C_PROGRA~3_setup_1e6269bb7bfd409bbb9bb3320560f5ce.exe.vir"
sh=C67A2A4447803B4FCD47544D83DD98265701D5D5 ft=1 fh=c71c0011d864f537 vn="a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~2_BrowserApp2.1\e49fc30f-efca-4160-83ab-9b4254876cb0-10.exe"
sh=58C470F6754A0568537B64398D2501044955E71B ft=1 fh=06ece0c73ed096a9 vn="a variant of Win32/Toolbar.CrossRider.CU potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~2_BrowserApp2.1\Uninstall.exe"
sh=C67A2A4447803B4FCD47544D83DD98265701D5D5 ft=1 fh=c71c0011d864f537 vn="a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~2_BrowserApp2.1\UninstallBrw.exe"
sh=7ADB36FABD0B612731C59D48E7940BAFD465E4F0 ft=1 fh=a8cbba5c56573703 vn="a variant of MSIL/Adware.PullUpdate.L.gen application" ac=I fn="C:\zoek_backup\C_PROGRA~3_Browser\prompt.exe"
sh=BF42468BCDFA0C513BA59B5068D2F0C8C0EFF459 ft=1 fh=78a2265bb76cce7c vn="a variant of Win32/DealPly.BB potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_<username>_AppData_Local_{033B3567-2793-59DF-4A0B-7C376E6380AF}\uninstall.exe"
 


#9 s1vr

s1vr
  • Topic Starter

  • Members
  • 12 posts

Posted 03 October 2015 - 02:28 PM

Step 3:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015

Ran by <username> (administrator) on LENOVO-PC (03-10-2015 13:19:13)
Running from C:\Users\<username>\Desktop
Loaded Profiles: <username> (Available Profiles: <username>)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(© 2015 Microsoft Corporation) C:\Users\<username>\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [4060376 2014-09-11] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323312 2015-01-27] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-04-23] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-04-23] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1903972719-864860115-318255080-1001\...\Run: [BingSvc] => C:\Users\<username>\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1903972719-864860115-318255080-1001\...\RunOnce: [Uninstall C:\Users\<username>\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\<username>\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1903972719-864860115-318255080-1001\...\RunOnce: [Uninstall C:\Users\<username>\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\<username>\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1a271603-b143-41c2-b372-fbb085c5214a}: [DhcpNameServer] 150.211.1.2
Tcpip\..\Interfaces\{b9d809b6-0ed4-419a-9c2d-4d57bc9cfd80}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1903972719-864860115-318255080-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> DefaultScope {A8D86F75-199B-471B-846C-58B1C4B48238} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {A8D86F75-199B-471B-846C-58B1C4B48238} URL = 
SearchScopes: HKU\S-1-5-21-1903972719-864860115-318255080-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1903972719-864860115-318255080-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
 
FireFox:
========
FF ProfilePath: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\8pwrfoev.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_instlmtrx_15_40&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0FyBtBzz0B0CyDzyzy0FyD0AzyyCtN0D0Tzu0StCtAyCyCtN1L2XzutAtFtCtAtFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByDtA0CyD0E0A0CtG0EyDtBzytGyEtCtB0FtGzy0F0DzytGtD0B0FyEtB0CyByE0EyDyE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzzyCtD0CtDzztGtD0CyB0EtGyEzzyD0AtG0BzzyB0CtGyEtB0CtCyB0EyEyC0C0A0EtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzy%26cr%3D1451332717%26a%3Dwncy_instlmtrx_15_40%26os%3DWindows%2B10%2BHome
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [644080 2014-10-22] ()
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-30] (ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo)
S2 HitmanPro37CrusaderBoot; C:\Users\<username>\Desktop\HitmanPro_x64.exe [11350472 2015-10-03] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19184 2015-01-27] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-18] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-04-23] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2015-10-02] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-04-23] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-04-23] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3494680 2015-01-20] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [2599128 2014-09-11] (Realtek Semiconductor Corp.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 13:20 - 2015-10-03 13:20 - 00000000 ____D C:\Users\<username>\AppData\Local\NetworkTiles
2015-10-03 13:18 - 2015-10-03 13:18 - 00016148 _____ C:\WINDOWS\system32\LENOVO-PC_<username>_HistoryPrediction.bin
2015-10-03 13:01 - 2015-10-03 13:20 - 00016473 _____ C:\Users\<username>\Desktop\FRST.txt
2015-10-03 12:59 - 2015-10-03 12:59 - 00000000 ____D C:\Users\<username>\Desktop\FRST-OlderVersion
2015-10-03 10:57 - 2015-10-03 10:57 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-03 10:56 - 2015-10-03 10:56 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-10-03 10:56 - 2015-10-03 10:56 - 00001578 _____ C:\WINDOWS\system32\.crusader
2015-10-03 10:56 - 2015-10-03 10:56 - 00000556 _____ C:\WINDOWS\system32\bootdelete.lst
2015-10-03 10:25 - 2015-10-03 10:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-03 10:20 - 2015-10-03 10:56 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-03 10:20 - 2015-10-03 10:17 - 11350472 _____ (SurfRight B.V.) C:\Users\<username>\Desktop\HitmanPro_x64.exe
2015-10-03 10:20 - 2015-10-03 10:17 - 02870984 _____ (ESET) C:\Users\<username>\Desktop\esetsmartinstaller_enu.exe
2015-10-02 12:43 - 2015-10-02 13:03 - 00000000 ____D C:\Users\<username>\Desktop\mbar
2015-10-02 12:43 - 2015-10-02 12:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\<username>\Desktop\mbar-1.09.3.1001.exe
2015-10-02 12:35 - 2015-10-02 12:38 - 00000000 ____D C:\AdwCleaner
2015-10-02 12:35 - 2015-10-02 12:34 - 01670656 _____ C:\Users\<username>\Desktop\AdwCleaner.exe
2015-09-29 22:47 - 2015-10-03 12:59 - 02193408 _____ (Farbar) C:\Users\<username>\Desktop\FRST64.exe
2015-09-29 22:47 - 2015-09-29 22:48 - 00000000 ____D C:\Users\<username>\Desktop\FirefoxPortable
2015-09-29 22:47 - 2015-09-29 22:46 - 45451528 _____ (PortableApps.com) C:\Users\<username>\Desktop\FirefoxPortable_41.0_English.paf.exe
2015-09-29 22:47 - 2015-09-29 22:46 - 00416056 _____ (PortableApps.com) C:\Users\<username>\Desktop\McAfeeStingerPortable_12.1.0.1724_English_online.paf.exe
2015-09-29 22:47 - 2015-09-28 19:23 - 01309184 _____ C:\Users\<username>\Desktop\zoek.exe
2015-09-29 18:10 - 2015-09-29 18:10 - 00000000 ____D C:\Users\<username>\AppData\Local\VirtualStore
2015-09-29 18:08 - 2015-10-02 13:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-29 06:27 - 2015-09-29 06:27 - 00000000 ____D C:\ProgramData\OneKey Optimizer
2015-09-28 23:17 - 2015-09-28 23:17 - 00000000 ____D C:\Avenger
2015-09-28 21:13 - 2015-09-28 20:49 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-28 20:52 - 2015-09-28 19:58 - 00001005 _____ C:\zoek-results2015-09-28-235833.log
2015-09-28 20:29 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-09-28 20:10 - 2015-09-28 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2015-09-28 20:10 - 2015-09-28 20:10 - 00000000 ____D C:\Program Files (x86)\EMET 5.2
2015-09-28 19:50 - 2015-09-29 06:27 - 00045150 _____ C:\zoek-results.log
2015-09-28 19:48 - 2015-09-28 21:05 - 00000000 ____D C:\zoek_backup
2015-09-28 19:23 - 2015-10-03 13:19 - 00000000 ____D C:\FRST
2015-09-28 19:17 - 2015-09-28 19:17 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 19:17 - 2015-09-28 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 19:16 - 2015-10-02 12:43 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-28 19:16 - 2015-09-28 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-28 19:16 - 2015-09-28 19:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 19:16 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-28 19:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-28 19:15 - 2015-10-02 13:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-28 19:15 - 2015-10-02 12:44 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 11:19 - 2015-09-28 11:20 - 00000000 ____D C:\Users\<username>\AppData\Local\Chromium
2015-09-28 11:19 - 2015-09-28 11:19 - 00002792 _____ C:\WINDOWS\System32\Tasks\UpdateTask
2015-09-28 11:15 - 2015-10-03 10:23 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9DB19D04-BA22-459B-AA4D-3D9B35F73536}
2015-09-12 18:59 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-12 18:59 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-12 18:59 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-12 18:59 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-12 18:59 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-12 18:59 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-12 18:59 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-12 18:59 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-12 18:59 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-12 18:59 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-12 18:59 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-12 18:59 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-12 18:59 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-12 18:59 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-12 18:59 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-12 18:59 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-12 18:59 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-12 18:59 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-12 18:59 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-12 18:59 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-12 18:59 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-12 18:59 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-12 18:59 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-12 18:59 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-12 18:59 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-12 18:59 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-12 18:59 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-12 18:59 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-12 18:59 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-12 18:59 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-12 18:58 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-12 18:58 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 13:20 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-03 13:10 - 2015-09-01 20:15 - 00000326 _____ C:\WINDOWS\Tasks\RigEv83.job
2015-10-03 13:07 - 2015-09-01 20:15 - 00000302 _____ C:\WINDOWS\Tasks\ElectrServa61.job
2015-10-03 12:48 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-03 10:39 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-03 10:36 - 2015-04-23 18:56 - 00000700 _____ C:\WINDOWS\lupdate.log
2015-10-03 08:52 - 2015-07-10 08:20 - 00016418 _____ C:\WINDOWS\setupact.log
2015-10-03 08:52 - 2015-04-23 19:22 - 00027489 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-03 08:52 - 2015-04-23 19:16 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-02 13:07 - 2015-08-29 15:47 - 00153336 _____ C:\WINDOWS\system32\wpbbin.exe
2015-10-02 13:07 - 2015-08-29 15:47 - 00111088 _____ (Lenovo (Beijing) Limited) C:\WINDOWS\system32\LenovoCheck.exe
2015-10-02 13:07 - 2015-08-29 15:47 - 00026608 _____ (Lenovo) C:\WINDOWS\system32\LenovoUpdate.exe
2015-10-02 13:07 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 13:07 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 13:07 - 2015-04-23 19:18 - 00689928 _____ C:\Users\Public\CAFADEBUG.log
2015-09-29 22:49 - 2015-08-30 18:03 - 00000000 ____D C:\Users\<username>\AppData\Roaming\Mozilla
2015-09-29 18:05 - 2015-08-29 15:47 - 00122158 _____ C:\WINDOWS\PFRO.log
2015-09-28 23:16 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\schemas
2015-09-28 21:24 - 2015-09-01 20:15 - 00000000 ____D C:\Users\<username>\AppData\Local\HistoriGrai81
2015-09-28 21:24 - 2015-09-01 20:15 - 00000000 ____D C:\Users\<username>\AppData\Local\AcidDivisio751
2015-09-28 21:24 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-28 20:58 - 2015-04-23 19:30 - 00000000 ____D C:\ProgramData\Lenovo
2015-09-28 20:39 - 2015-09-01 20:20 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-28 20:38 - 2015-04-23 19:48 - 00000000 ____D C:\ProgramData\McAfee
2015-09-28 20:38 - 2015-04-23 19:48 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-28 20:37 - 2015-07-10 08:20 - 00210928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-28 20:36 - 2015-08-29 15:53 - 00000000 ____D C:\Users\<username>
2015-09-28 20:36 - 2015-04-23 19:46 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-28 20:35 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-28 20:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-28 20:32 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-28 20:32 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-28 20:31 - 2015-08-30 15:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-09-28 20:27 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-09-28 20:23 - 2015-08-29 14:18 - 00000000 ____D C:\Users\<username>\AppData\Local\Packages
2015-09-28 19:27 - 2015-08-29 16:05 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-28 10:27 - 2015-08-29 14:18 - 00000000 ____D C:\Users\<username>\AppData\Roaming\Adobe
2015-09-21 12:03 - 2015-08-30 08:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-15 18:46 - 2015-08-29 16:31 - 00002409 _____ C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-15 18:46 - 2015-08-29 16:31 - 00000000 ___RD C:\Users\<username>\OneDrive
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-08-29 15:50 - 2015-08-29 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\<username>\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 07:00] - [2015-09-02 17:06] - 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 07:00] - [2015-09-02 17:06] - 0534064 ____A (Microsoft Corporation) 4111492514CD8085E67C844E9C9FD74D
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-28 21:17
 
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015

Ran by <username> (2015-10-03 13:21:02)
Running from C:\Users\<username>\Desktop
Windows 10 Home (X64) (2015-08-29 20:27:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1903972719-864860115-318255080-500 - Administrator - Disabled)
<username> (S-1-5-21-1903972719-864860115-318255080-1001 - Administrator - Enabled) => C:\Users\<username>
DefaultAccount (S-1-5-21-1903972719-864860115-318255080-503 - Limited - Disabled)
Guest (S-1-5-21-1903972719-864860115-318255080-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1903972719-864860115-318255080-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1903972719-864860115-318255080-1001\...\Amazon Kindle) (Version:  - Amazon)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.1.0.7 - Lenovo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.2.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{06A5031E-3B1E-4FB9-AC4C-BA0FE2706152}) (Version: 17.1.1433.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{21fed2aa-c2b4-4d9e-bd4b-072866d210b7}) (Version: 17.14.1 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10291 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6806.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.6806.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.24.256 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.21 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.4 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 2.0.0.5 - Lenovo)
LenovoUtility (x32 Version: 2.0.0.5 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.16 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.16 - Lenovo) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
30-08-2015 08:43:59 Windows Update
30-08-2015 08:44:35 Windows Update
05-09-2015 18:32:12 Windows Modules Installer
20-09-2015 23:05:38 Windows Update
28-09-2015 19:50:44 zoek.exe restore point
28-09-2015 20:08:48 Malwarebytes Anti-Rootkit Restore Point
03-10-2015 10:30:46 Checkpoint by HitmanPro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A0EE22C-F7DC-4347-8A95-AF0CF14606D1} - \Inst_Rep -> No File <==== ATTENTION
Task: {0FCF23A7-82A1-461E-978F-190D3F261C8B} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {1F21D46C-728D-4FE5-A842-77755FF9DC1A} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {2682B268-205A-481D-9EE6-6EE1A35F00F0} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {28980967-2CCA-47AD-A7EC-F8BF49033317} - \One System Care Monitor -> No File <==== ATTENTION
Task: {2F729E5E-C66B-413B-91F3-451E20CECF29} - \OFFICE2013ACT -> No File <==== ATTENTION
Task: {2FA44F52-E202-4B38-98FE-7ED32EE0775F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {30121C33-0B2E-41DF-91BA-6CD9BB609F38} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {3155AA71-6339-452B-B1BC-DE9555EB6BE4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {40A037EB-8743-4688-A739-8D0D778D52C7} - \UpdateAdmin -> No File <==== ATTENTION
Task: {443F9D28-22A7-4C09-90A8-9DDEB87D447B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F6E614F-4F3C-4F84-9D0F-542C56019B2C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5FB30944-A901-476F-87ED-8AB695498139} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {8DFD9ECC-4540-4A78-9CD3-34E82165283E} - System32\Tasks\RigEv83 => C:\Users\<username>\AppData\Local\AcidDivisio751\Actransform.exe
Task: {9095C025-6135-4E06-9AAE-921B40165846} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-08-29] (Lenovo)
Task: {92CF2541-182F-4202-9818-CBE36947B9DA} - \Clomnossenam -> No File <==== ATTENTION
Task: {97272DB8-FB08-47AF-9620-8E405EF06004} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {9D1B00B6-6D1F-4C86-A3F4-70AA0C847989} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A1B21859-7B9F-491D-AF9A-CB58BFA4C026} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {A7EFD861-A7B2-459E-BA19-08F6625635D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AEF16A37-AED2-42AD-A2F8-6CF97AF90176} - System32\Tasks\UpdateTask => C:\Users\CARTER~1\AppData\Local\{033B3~1\UNINST~1.EXE
Task: {D12303B0-7ACB-40D3-9AF7-51FE1117CF1C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D464768B-B0A9-4140-9227-A8354C7BF45B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {D5003730-2E90-4A94-A6EC-81747B57FE08} - System32\Tasks\ElectrServa61 => C:\Users\CARTER~1\AppData\Local\ACIDDI~1\Acdiagnose.exe
Task: {D6EBAEC6-EF64-4E42-8602-DDC99D49AE61} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {F8D1B214-632A-414C-9DA7-1C3D1CBCD026} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {FB709974-37E3-425D-BEC4-B47417E8D3C1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {FF5C9001-AD29-429D-93CF-808EC1B1C4CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ElectrServa61.job => C:\Users\CARTER~1\AppData\Local\ACIDDI~1\Acdiagnose.exe
Task: C:\WINDOWS\Tasks\RigEv83.job => C:\Users\<username>\AppData\Local\AcidDivisio751\Actransform.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-29 19:42 - 2015-08-29 19:42 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-04-23 20:00 - 2014-11-20 13:43 - 00016920 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbServicePS.dll
2015-04-23 19:56 - 2015-04-23 19:55 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2015-04-23 19:52 - 2012-04-24 06:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-08-29 19:42 - 2015-08-29 19:42 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-04-23 19:59 - 2014-11-17 18:35 - 00036632 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Metric.dll
2015-04-23 19:59 - 2014-11-17 18:35 - 00166680 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\Lenovo.MetricCollectionMFCx64.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-04-23 19:16 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-04-23 19:47 - 2015-04-23 19:47 - 00791368 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2015-04-23 19:47 - 2015-04-23 19:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2015-04-23 19:59 - 2014-11-17 18:35 - 00040216 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\EnglishRes.dll
2015-04-23 19:56 - 2015-04-23 19:55 - 00815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2015-04-23 19:46 - 2014-10-22 13:15 - 00644080 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2015-04-23 20:00 - 2014-11-20 13:43 - 00159256 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\FbApi.dll
2015-04-23 19:59 - 2014-11-17 18:35 - 00036120 _____ () C:\Program Files\Lenovo\OneKey Optimizer\bin\zd.dll
2015-04-23 19:46 - 2014-10-22 13:15 - 00410096 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2015-10-03 10:31 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-08-29 19:42 - 2015-08-29 19:42 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-08-29 19:42 - 2015-08-29 19:42 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-04-23 19:52 - 2014-07-04 00:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 15:35 - 2014-07-04 15:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-09-03 14:03 - 2014-09-03 14:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-23 19:31 - 2015-01-22 19:18 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-04-23 19:31 - 2015-01-22 19:18 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zoegceato => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1903972719-864860115-318255080-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A7C2B1B0-9611-4C80-A877-818E2A730ACE}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{0040F140-AA12-4E44-937A-08AF04790FE4}] => (Allow) LPort=55100
FirewallRules: [{73A657FB-AF11-4D70-AC32-53FB3BD51877}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{6A9418FD-4BBF-49F4-89BD-94BF61BE305B}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{3E53714F-F754-4C3D-9B4A-5A885EE24E8B}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{8D9E5582-A236-4238-A074-EE2A6543E221}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{88F5806B-5A5F-4AE9-8CE0-A1D7084EC743}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6D536007-0034-4275-A61A-07EFC1EFDB77}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{EE9B3CFA-296C-4FB2-B0C0-B0C9DCC8E160}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{20822F85-299E-492F-A026-CE1E518E83D4}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B93BB0BA-6410-4B83-9ED5-45111BA347B9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C9A65A04-8095-4FDD-9606-6C8316CA5D15}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{30CE8C2A-EA07-40F0-B924-89C0B8011F1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2015 12:54:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (10/03/2015 12:53:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (10/03/2015 10:36:12 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x00002a8a
 
Error: (10/03/2015 10:36:12 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is  failed w/err 0x00000001
 
Error: (10/03/2015 10:30:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/03/2015 10:30:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f811d984-a62e-4c06-995f-61b99faee8c5}
 
Error: (10/03/2015 10:25:49 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is  failed w/err 0x00000266
 
Error: (10/03/2015 10:25:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (10/03/2015 10:25:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (10/03/2015 10:25:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
 
System errors:
=============
Error: (10/03/2015 12:54:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/03/2015 12:54:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CARTER~1\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2015 12:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/03/2015 12:54:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CARTER~1\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2015 12:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/03/2015 12:54:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CARTER~1\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2015 12:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/03/2015 12:54:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CARTER~1\AppData\Local\Temp\ehdrv.sys
 
Error: (10/03/2015 12:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/03/2015 12:54:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CARTER~1\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2015-10-03 10:21:11.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-03 10:21:11.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-03 10:21:11.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-03 10:21:11.097
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-03 10:21:11.058
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 22:48:54.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 22:48:54.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 22:48:54.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 22:48:54.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 22:48:54.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 46%
Total physical RAM: 4017.08 MB
Available physical RAM: 2140.14 MB
Total Virtual: 8369.08 MB
Available Virtual: 6335.48 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:891.64 GB) (Free:837.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS
Drive f: (UNTITLED) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 19AA1B9D)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 62.3 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
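
The task and SafeBoot entries in the log above are what a responder weighs up before writing a fixlist: task targets that live under a user-writable directory with generated-looking names (RigEv83, ElectrServa61, AcidDivisio751), orphaned tasks whose target file is gone, and keys under SafeBoot\Network that let a driver or service keep loading even in Safe Mode with Networking. The script below is an added example (mine, not part of FRST or of any post in this thread) that applies those checks to FRST "Task:" and SafeBoot lines. The sample log is constructed from entries shown above with the user-name placeholder kept as the post shows it; the "random-looking name" rule and the list of user-writable locations are my own heuristics, not anything FRST reports.

```python
"""Triage of FRST Addition.txt task and SafeBoot entries.

Added example; not FRST's code and not from the forum posts. The sample
below is constructed from entries shown in the thread.
"""
import re

SAMPLE_LOG = r"""
Task: {5FB30944-A901-476F-87ED-8AB695498139} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {8DFD9ECC-4540-4A78-9CD3-34E82165283E} - System32\Tasks\RigEv83 => C:\Users\<username>\AppData\Local\AcidDivisio751\Actransform.exe
Task: {92CF2541-182F-4202-9818-CBE36947B9DA} - \Clomnossenam -> No File <==== ATTENTION
Task: {AEF16A37-AED2-42AD-A2F8-6CF97AF90176} - System32\Tasks\UpdateTask => C:\Users\CARTER~1\AppData\Local\{033B3~1\UNINST~1.EXE
Task: {D6EBAEC6-EF64-4E42-8602-DDC99D49AE61} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\RigEv83.job => C:\Users\<username>\AppData\Local\AcidDivisio751\Actransform.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zoegceato => ""="service"
"""

# "Task: {GUID} - name => target" or "Task: <.job path> => target"; orphans use "-> No File".
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) (?:=>|->) ?(?P<target>.*)$")
# FRST appends "[yyyy-mm-dd] (Publisher)" when it could read the target file's version info.
META_RE = re.compile(
    r"^(?P<path>.+?)(?: \[(?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\))?\s*$")
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<key>\S+) => (?P<value>.*)$")
# Directories an unprivileged user can write to (assumption: list chosen for this example).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# Heuristic: a run of letters followed by a short number, e.g. RigEv83 or ElectrServa61.
RANDOM_NAME = re.compile(r"[A-Za-z]{4,}\d{1,3}")


def short_name(name):
    """Reduce a task path or .job path to the bare task name."""
    base = name.rstrip("\\").rsplit("\\", 1)[-1]
    return base[:-4] if base.lower().endswith(".job") else base


def triage_task(name, target):
    """Return the list of reasons a Task: entry deserves a closer look (empty if none)."""
    reasons = []
    if target.startswith("No File"):
        reasons.append("orphaned task (target file missing)")
    else:
        m = META_RE.match(target)
        path, vendor = m.group("path"), m.group("vendor")
        if USER_WRITABLE.search(path):
            reasons.append("target in user-writable location")
        if not vendor:
            reasons.append("no publisher info read from target")
    if RANDOM_NAME.fullmatch(short_name(name)):
        reasons.append("random-looking task name")
    return reasons


def triage(log_text):
    """Scan FRST log text and return findings for suspicious tasks and SafeBoot keys."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if m:
            reasons = triage_task(m.group("name"), m.group("target"))
            if reasons:
                findings.append({"kind": "task", "name": short_name(m.group("name")),
                                 "target": m.group("target"), "reasons": reasons})
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            # FRST whitelists the stock SafeBoot keys, so anything it prints here is non-standard
            # and would keep loading in Safe Mode (Network), which defeats the usual cleanup step.
            findings.append({"kind": "safeboot", "name": m.group("key"),
                             "target": m.group("value"),
                             "reasons": ["non-standard SafeBoot\\%s entry" % m.group("mode")]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["name"], "->", "; ".join(f["reasons"]))
```

Run against a full Addition.txt, every "Task:" line that comes back with reasons is a candidate fixlist line; the Lenovo entry, with a Program Files target and a publisher string, produces nothing. The same heuristics deliberately do not make the decision for you: a vendor updater under ProgramData with no version resource will be flagged too, and the FRST Fixlog and a second scan are still the confirmation.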


#10 s1vr (Topic Starter)

Posted 03 October 2015 - 02:31 PM

Also, when I restarted Windows Defender, it cleaned off a trojan it found.  It reported it as "Trojan:Win32/Patched.AP" - file:C:\WINDOWS\sysWOW64\dnsapi.dll



#11 deeprybka (Malware Response Team)

Posted 03 October 2015 - 02:33 PM

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 s1vr (Topic Starter)

Posted 03 October 2015 - 06:44 PM

Search.txt

 

Farbar Recovery Scan Tool (x64) Version:03-10-2015

Ran by <username> (2015-10-03 18:19:44)
Running from C:\Users\<username>\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-09-02 17:06] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]
 
====== End of Search ======
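
What this search output shows is the fingerprint of a patched system binary: the live C:\Windows\System32\dnsapi.dll has the same size as the amd64 component-store copy under WinSxS but a different MD5, carries no valid signature, and has a modification time weeks after its creation time, while the wow64 component has no SysWOW64 counterpart at all (Defender removed it, as the next post notes). The script below is an added example, not FRST's code and not from either poster: it parses the Search.txt format shown above (the sample is that output as posted), pairs each live copy with its WinSxS reference by architecture tag, and reports those discrepancies. The architecture-to-directory mapping and the check rules are my assumptions.

```python
"""Cross-check FRST Search.txt output against the WinSxS component store.

Added example; not FRST's own code and not from the forum posts. The sample
is the Search.txt output posted in the thread.
"""
import re
from collections import defaultdict

SAMPLE_SEARCH = r"""
================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-09-02 17:06] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]

====== End of Search ======
"""

# Second line of each entry: [created][modified] size attrs (Company) MD5 [signature status]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32}) \[(?P<sig>[^\]]+)\]$")
# WinSxS component directory names start with the architecture tag.
WINSXS_RE = re.compile(r"\\WinSxS\\(?P<arch>amd64|x86|wow64)_", re.I)
# Where each architecture's live copy lives on an x64 install (assumption for this example).
LIVE_DIR = {"amd64": "system32", "wow64": "syswow64", "x86": "syswow64"}


def parse_search(text):
    """Turn FRST Search.txt text into a list of dicts, one per file found."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            e = m.groupdict()
            e["path"] = path
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
            path = None
        else:
            path = line
    return entries


def assess(entries):
    """Compare each live System32/SysWOW64 copy with its WinSxS reference of the same architecture."""
    refs = {}                  # (basename, arch) -> WinSxS entry (last version seen wins)
    live = defaultdict(dict)   # basename -> {parent dir (lowercase): entry}
    for e in entries:
        base = e["path"].rsplit("\\", 1)[-1].lower()
        m = WINSXS_RE.search(e["path"])
        if m:
            refs[(base, m.group("arch").lower())] = e
        else:
            parent = e["path"].rsplit("\\", 2)[-2].lower()
            live[base][parent] = e
    findings = {}
    for (base, arch), ref in refs.items():
        copy = live.get(base, {}).get(LIVE_DIR[arch])
        if copy is None:
            findings[LIVE_DIR[arch] + "\\" + base] = [
                "no live copy found for WinSxS %s component" % arch]
            continue
        reasons = []
        if "not signed" in copy["sig"].lower():
            reasons.append("live copy is not digitally signed")
        if copy["md5"] != ref["md5"]:
            reasons.append("MD5 differs from component-store copy")
        if copy["size"] != ref["size"]:
            reasons.append("size differs from component-store copy")
        if copy["modified"] != copy["created"]:
            reasons.append("modified after creation (%s)" % copy["modified"])
        if reasons:
            findings[copy["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in assess(parse_search(SAMPLE_SEARCH)).items():
        print(path, "->", "; ".join(reasons))
```

On a healthy x64 install the System32 and SysWOW64 files are hard links to the current component-store copies, so hash, size and signature status should match exactly; an equal size with a different hash is the classic in-place patch. If WinSxS holds several versions after servicing, compare against the newest rather than the last one listed. MD5 is simply what FRST prints; the repair itself is left to sfc /scanfile, which restores the file from the component store.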


#13 deeprybka (Malware Response Team)

Posted 04 October 2015 - 01:22 AM

Also, when I restarted Windows Defender, it cleaned off a trojan it found.  It reported it as "Trojan:Win32/Patched.AP" - file:C:\WINDOWS\sysWOW64\dnsapi.dll

 
Yup, and now the syswow64 file is missing. :)

Please disable the real-time protection of Windows Defender:

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
    File: "C:\Users\CARTER~1\AppData\Local\ACIDDI~1\Acdiagnose.exe" 
    File: "C:\Users\CARTER~1\AppData\Local\{033B3~1\UNINST~1.EXE"
    Task: {0A0EE22C-F7DC-4347-8A95-AF0CF14606D1} - \Inst_Rep -> 
    Task: {0FCF23A7-82A1-461E-978F-190D3F261C8B} - \LaunchPreSignup -> 
    Task: {1F21D46C-728D-4FE5-A842-77755FF9DC1A} - \ProPCCleaner_Start -> 
    Task: {28980967-2CCA-47AD-A7EC-F8BF49033317} - \One System Care Monitor -> 
    Task: {2F729E5E-C66B-413B-91F3-451E20CECF29} - \OFFICE2013ACT -> 
    Task: {40A037EB-8743-4688-A739-8D0D778D52C7} - \UpdateAdmin -> 
    Task: {443F9D28-22A7-4C09-90A8-9DDEB87D447B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> 
    Task: {5F6E614F-4F3C-4F84-9D0F-542C56019B2C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> 
    Task: {8DFD9ECC-4540-4A78-9CD3-34E82165283E} - System32\Tasks\RigEv83 => 
    Task: {92CF2541-182F-4202-9818-CBE36947B9DA} - \Clomnossenam -> No File 
    Task: {9D1B00B6-6D1F-4C86-A3F4-70AA0C847989} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> 
    Task: {A7EFD861-A7B2-459E-BA19-08F6625635D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> 
    Task: {AEF16A37-AED2-42AD-A2F8-6CF97AF90176} - System32\Tasks\UpdateTask => 
    Task: {D5003730-2E90-4A94-A6EC-81747B57FE08} - System32\Tasks\ElectrServa61 => 
    Task: {D6EBAEC6-EF64-4E42-8602-DDC99D49AE61} - \ProPCCleaner_Popup -> 
    Task: {FF5C9001-AD29-429D-93CF-808EC1B1C4CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig ->  
    Task: C:\WINDOWS\Tasks\ElectrServa61.job =>
    Task: C:\WINDOWS\Tasks\RigEv83.job => 
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zoegceato => ""="service"
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.



 


regards,
deeprybka

#14 s1vr (Topic Starter)

Posted 04 October 2015 - 05:14 PM

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015

Ran by <username> (2015-10-04 18:12:06) Run:1
Running from C:\Users\<username>\Desktop
Loaded Profiles: <username> (Available Profiles: <username>)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
File: "C:\Users\CARTER~1\AppData\Local\ACIDDI~1\Acdiagnose.exe" 
File: "C:\Users\CARTER~1\AppData\Local\{033B3~1\UNINST~1.EXE"
Task: {0A0EE22C-F7DC-4347-8A95-AF0CF14606D1} - \Inst_Rep -> 
Task: {0FCF23A7-82A1-461E-978F-190D3F261C8B} - \LaunchPreSignup -> 
Task: {1F21D46C-728D-4FE5-A842-77755FF9DC1A} - \ProPCCleaner_Start -> 
Task: {28980967-2CCA-47AD-A7EC-F8BF49033317} - \One System Care Monitor -> 
Task: {2F729E5E-C66B-413B-91F3-451E20CECF29} - \OFFICE2013ACT -> 
Task: {40A037EB-8743-4688-A739-8D0D778D52C7} - \UpdateAdmin -> 
Task: {443F9D28-22A7-4C09-90A8-9DDEB87D447B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> 
Task: {5F6E614F-4F3C-4F84-9D0F-542C56019B2C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> 
Task: {8DFD9ECC-4540-4A78-9CD3-34E82165283E} - System32\Tasks\RigEv83 => 
Task: {92CF2541-182F-4202-9818-CBE36947B9DA} - \Clomnossenam -> No File 
Task: {9D1B00B6-6D1F-4C86-A3F4-70AA0C847989} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> 
Task: {A7EFD861-A7B2-459E-BA19-08F6625635D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> 
Task: {AEF16A37-AED2-42AD-A2F8-6CF97AF90176} - System32\Tasks\UpdateTask => 
Task: {D5003730-2E90-4A94-A6EC-81747B57FE08} - System32\Tasks\ElectrServa61 => 
Task: {D6EBAEC6-EF64-4E42-8602-DDC99D49AE61} - \ProPCCleaner_Popup -> 
Task: {FF5C9001-AD29-429D-93CF-808EC1B1C4CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig ->  
Task: C:\WINDOWS\Tasks\ElectrServa61.job =>
Task: C:\WINDOWS\Tasks\RigEv83.job => 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Zoegceato => ""="service"
*****************
 
Processes closed successfully.
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 


#15 deeprybka (Malware Response Team)

Posted 04 October 2015 - 05:59 PM

Hi,

the fixlog isn't complete.


regards,
deeprybka