
"Real Cloud" unassisted upload when turning on this a.m.


10 replies to this topic

#1 CateCate


Posted 01 May 2016 - 05:21 PM

This morning after putting in password and going to desktop, immediately a pop-out said that a certain file was just uploaded to "Real Cloud".  I thought what the heck is that and went looking.  It's an Asian company called "Real Cloud".  Has anyone had issues with that?  It apparently just plucked this file and away it went.

I recently upgraded to Windows 10 which I didn't want to do.  I'm a real stick in the mud about upgrades.

Thanks for your thoughts.





#2 ScathEnfys


Posted 01 May 2016 - 06:40 PM

Strange... Please do the following:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: As always, please Copy and Paste the log into your reply. Do NOT attach a log unless specifically instructed to do so.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#3 CateCate


Posted 01 May 2016 - 07:09 PM

Yes, strange.  What a nifty tool.  Thanks for the input.

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Catherine (administrator) on 01-05-2016 at 19:56:42
Running from "C:\Users\Catherine\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 80DU Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/01/2016 09:56:27 AM) (Source: RealPlayerUpdateSvc) (User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (05/01/2016 09:56:27 AM) (Source: RealPlayerUpdateSvc) (User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/30/2016 08:03:49 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 47.0.0.5959 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 158c

Start Time: 01d1a1836b4abdfe

Termination Time: 437

Application Path: C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Report Id: 2aef97f7-0f30-11e6-828e-1008b1e36546

Faulting package full name:

Faulting package-relative application ID:

Error: (04/29/2016 06:10:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cc16f5
Exception code: 0xc0000005
Fault offset: 0x0008ab50
Faulting process id: 0xe28
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/29/2016 02:28:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cc16f5
Exception code: 0xc0000005
Fault offset: 0x0008ab50
Faulting process id: 0x224
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/29/2016 02:04:58 PM) (Source: RealPlayerUpdateSvc) (User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/29/2016 02:04:58 PM) (Source: RealPlayerUpdateSvc) (User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/29/2016 02:36:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/28/2016 11:24:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cc16f5
Exception code: 0xc000041d
Fault offset: 0x0008ab50
Faulting process id: 0x978
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/28/2016 11:24:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cc16f5
Exception code: 0xc0000005
Fault offset: 0x0008ab50
Faulting process id: 0x978
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (05/01/2016 03:20:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/01/2016 02:33:03 AM) (Source: DCOM) (User: Lenovo-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PCCatherineS-1-5-21-3719952341-3495958170-4122188356-1001LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

Error: (04/29/2016 02:28:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/29/2016 01:05:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/29/2016 12:44:03 AM) (Source: Service Control Manager) (User: )
Description: The Lenovo EasyPlus Hotspot service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2016 12:43:49 AM) (Source: Service Control Manager) (User: )
Description: The Bluetooth Driver Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2016 08:18:39 PM) (Source: Service Control Manager) (User: )
Description: The Routing and Remote Access service terminated with the following service-specific error:
%%2

Error: (04/27/2016 08:18:34 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/27/2016 08:18:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_84c4a service to connect.

Error: (04/27/2016 08:18:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (05/01/2016 09:56:27 AM) (Source: RealPlayerUpdateSvc)(User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (05/01/2016 09:56:27 AM) (Source: RealPlayerUpdateSvc)(User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/30/2016 08:03:49 PM) (Source: Application Hang)(User: )
Description: firefox.exe47.0.0.5959158c01d1a1836b4abdfe437C:\Program Files (x86)\Firefox Developer Edition\firefox.exe2aef97f7-0f30-11e6-828e-1008b1e36546

Error: (04/29/2016 06:10:28 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.10586.2056541caantdll.dll10.0.10586.12256cc16f5c00000050008ab50e2801d1a2572344b1ceC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllaecbba41-5a2f-4788-983f-849681b0c9f2

Error: (04/29/2016 02:28:11 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.10586.2056541caantdll.dll10.0.10586.12256cc16f5c00000050008ab5022401d1a1d21765d177C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll3c2bacb8-f46f-4d90-b153-9b45c0cf7efd

Error: (04/29/2016 02:04:58 PM) (Source: RealPlayerUpdateSvc)(User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/29/2016 02:04:58 PM) (Source: RealPlayerUpdateSvc)(User: )
Description: RealPlayerUpdateSvcSearchPath failed w/err 0x00000002

Error: (04/29/2016 02:36:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/28/2016 11:24:41 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.10586.2056541caantdll.dll10.0.10586.12256cc16f5c000041d0008ab5097801d1a1c3ff73d709C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllf4cc1db9-ecaf-445e-b155-f12c7f47b152

Error: (04/28/2016 11:24:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.10586.2056541caantdll.dll10.0.10586.12256cc16f5c00000050008ab5097801d1a1c3ff73d709C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dllb0507337-e46a-4195-8147-f6cf671ba1e2

CodeIntegrity Errors:
===================================
  Date: 2016-04-29 03:36:22.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-28 11:55:18.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:18.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:18.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:18.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:18.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:18.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:17.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:17.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-28 11:55:17.721
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
ClipX (HKLM-x32\...\ClipX) (Version:  - )
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DFX (HKLM-x32\...\DFX) (Version: 11.400.0.0 - Power Technology)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Eusing Free Registry Defrag (HKLM-x32\...\Eusing Free Registry Defrag) (Version:  - )
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
FastStone Image Viewer 5.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.4 - FastStone Soft)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Firefox Developer Edition 48.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 48.0a2 (x86 en-US)) (Version: 48.0a2 - Mozilla)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
Host App Service (HKCU\...\Pokki) (Version: 0.269.3.227 - Pokki)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9840 - Broadcom Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.8 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.8 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1607.01 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1607.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.73.5 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.46 - Lenovo) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.46 - Lenovo)
Lenovo Updates (HKLM-x32\...\{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Web Start (HKCU\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.227 - Lenovo)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magayo Lotto (HKLM-x32\...\{2BFE878E-5DC5-466E-89F7-1AF649F10B77}_is1) (Version: 5.0.2.1 - magayo)
magayo Pick (HKLM-x32\...\{A0F57176-111A-4FD6-ABDF-1EB90CEA0907}_is1) (Version: 3.2.0.3 - magayo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.5965 - Mozilla)
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
NVIDIA 3D Vision Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 354.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1609.47 - Trusteer) Hidden
RealDownloader (HKLM-x32\...\{66fed0a4-7536-40b2-b830-382e37c0c32c}) (Version: 18.0.2.60 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{B0235718-21E0-4A90-A42F-9C64C1B531CD}) (Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{F1D90260-417F-4EB3-9F7B-1D8C86D910A2}) (Version: 18.0.2.60 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7257 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RingCentral for Windows (HKLM-x32\...\{F3347770-61F3-4529-9E54-87C04BF87599}) (Version: 7.3.2.16178 - RingCentral)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.7.306 - NVIDIA Corporation) Hidden
Start Menu (HKCU\...\Pokki_Start_Menu) (Version: 0.269.3.227 - Pokki)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Video Downloader (HKLM-x32\...\{E60AFF01-6087-47BD-8272-61FA3CFC309D}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
========================= Restore Points ==================================

22-04-2016 20:21:19 Windows Update
29-04-2016 06:36:34 Windows Modules Installer

**** End of log ****



#4 ScathEnfys


Posted 01 May 2016 - 07:36 PM

I see a lot of Potentially Unwanted Programs on a first skim through... These are typically programs that are bundled with free software. If you see anything on that "installed programs" list that you don't recognize, let me know. A couple in particular that bother me are "registry cleaner" and "driver updater" programs. These are not recommended by Bleeping Computer and can cause a whole host of problems. I recommend that you uninstall them, but they aren't malware so you don't have to if you don't want to.

Here are some good reads related to those two things:
Why you should not use Registry Cleaners and Optimization Tools
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Edit: Grammar

Edited by ScathEnfys, 01 May 2016 - 07:37 PM.
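
The review described in post #4, as an added example that is not part of the thread or of MiniToolBox: it parses the Installed Programs section of a Result.txt and lists entries matching the two categories named in that post, plus entries the log marks Hidden. The keyword lists and all function names are assumptions made for this example; the sample lines are an excerpt of the log posted above.

```python
import re
from dataclasses import dataclass

# Excerpt of the "Installed Programs" section of the log posted in this
# thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================

Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Eusing Free Registry Defrag (HKLM-x32\...\Eusing Free Registry Defrag) (Version:  - )
Firefox Developer Edition 48.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 48.0a2 (x86 en-US)) (Version: 48.0a2 - Mozilla)
Lenovo Updates (HKLM-x32\...\{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo) Hidden
RealDownloader (HKLM-x32\...\{66fed0a4-7536-40b2-b830-382e37c0c32c}) (Version: 18.0.2.60 - RealNetworks) Hidden
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
Host App Service (HKCU\...\Pokki) (Version: 0.269.3.227 - Pokki)
========================= Restore Points ==================================

22-04-2016 20:21:19 Windows Update
"""

# Assumption: keyword lists chosen for this example. They only cover the two
# categories named in post #4 and are not a complete PUP signature set.
CATEGORY_KEYWORDS = {
    "registry cleaner": ("registry cleaner", "registry defrag"),
    "driver updater": ("driver updater", "driver update"),
}

SECTION_RE = re.compile(r"^=+ Installed Programs =+\s*$")

# Entry layout seen in the log:
#   NAME (HIVE\...\UNINSTALL_KEY) (Version: VERSION - PUBLISHER)[ Hidden]
# NAME and UNINSTALL_KEY may themselves contain parentheses, and VERSION or
# PUBLISHER may be empty, so the hive prefix and "(Version:" act as anchors.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) "
    r"\((?P<hive>HKLM-x32|HKLM|HKCU|HKU)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)


@dataclass
class Program:
    name: str
    hive: str
    key: str
    version: str
    publisher: str
    hidden: bool


def parse_installed_programs(log_text):
    """Return the entries of the Installed Programs section, in log order."""
    programs, in_section = [], False
    for line in log_text.splitlines():
        if SECTION_RE.match(line):
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # the next section header ends the list
        if not in_section:
            continue
        m = ENTRY_RE.match(line.strip())
        if m:
            programs.append(Program(
                name=m["name"].strip(), hive=m["hive"], key=m["key"].strip(),
                version=m["version"].strip(), publisher=m["publisher"].strip(),
                hidden=m["hidden"] is not None,
            ))
    return programs


def flag_by_category(programs):
    """Return (name, category) pairs for entries whose name hits a keyword."""
    hits = []
    for p in programs:
        lowered = p.name.lower()
        for category, keywords in CATEGORY_KEYWORDS.items():
            if any(k in lowered for k in keywords):
                hits.append((p.name, category))
                break
    return hits


def hidden_entries(programs):
    """Entries the log marks Hidden; review these from the log itself."""
    return [p for p in programs if p.hidden]


def find_by_name(programs, fragment):
    """Case-insensitive search over name and publisher, e.g. a popup's name."""
    f = fragment.lower()
    return [p for p in programs if f in p.name.lower() or f in p.publisher.lower()]


if __name__ == "__main__":
    progs = parse_installed_programs(SAMPLE_LOG)
    for name, category in flag_by_category(progs):
        print(f"[{category}] {name}")
    for p in hidden_entries(progs):
        print(f"[hidden] {p.name} ({p.publisher or 'no publisher'})")
    for p in find_by_name(progs, "real"):
        print(f"[name match] {p.name} {p.version}")
```
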


#5 CateCate


Posted 01 May 2016 - 08:10 PM

Hi,

Thank you again.  I wasn't aware there were any driver update programs installed.  I don't like those and haven't used any in so long I can't remember.  The Eusing registry cleaner I like.  Funny thing happened when I updated to Windows 10...CCleaner was uninstalled.  Bleeping computer.  :)  I just ran "Hit Man Pro" and it didn't show anything.  It occurred to me to check the router log.  It has DoS attacks and LAN remote access...hmm.  I'll save that for another day.



#6 Demonslay335


Posted 02 May 2016 - 08:14 AM

I believe I've seen Real Cloud before, definitely was a PUP that we removed on sight. I remember removing it from Install Programs with no fight - if it gives you problems (such as a broken uninstaller), you can always use RevoUninstaller. I've not heard of it actually removing any data, that concerns me. Was it actually a file of yours and it really disappeared? Could have been a "display", since I'm pretty sure it acts like some sort of "free backup" program.

Edited by Demonslay335, 02 May 2016 - 08:14 AM.



#7 ScathEnfys


Posted 02 May 2016 - 09:54 AM

Perhaps the quickest way would be to download Malwarebytes and do a quick PUP scan and remove all that you don't use... Although using the uninstallers in add/remove programs would be safer.

#8 CateCate


Posted 02 May 2016 - 11:29 AM

Hi,  After we spoke yesterday I went into "programs and features" and there were no updaters or PUPs.  That doesn't mean they're not lurking somewhere though.  I'm gonna try to make some time for a thorough manual search but things are better at hiding these days.  You know, of all the things that could be snatched, the file that was uploaded wouldn't be of interest to anyone but me.  It was a baptism record from a roll of microfilm of all things.  This makes me wonder if this has been going on for a while..file by file..you know? and I didn't know.  I'll run Malwarebytes and see what happens.  Thank you Scath.



#9 CateCate


Posted 02 May 2016 - 11:40 AM

> I believe I've seen Real Cloud before, definitely was a PUP that we removed on sight. I remember removing it from Install Programs with no fight - if it gives you problems (such as a broken uninstaller), you can always use RevoUninstaller. I've not heard of it actually removing any data, that concerns me. Was it actually a file of yours and it really disappeared? Could have been a "display", since I'm pretty sure it acts like some sort of "free backup" program.

Hi,  I just saw this.  I didn't see "Real Cloud" in programs.  It's good to know I didn't dream that.  lol.  I didn't do any investigating in my computer when that happened the other morning.  I hadn't even had my first cup of coffee yet.  It was so weird to me I just came straight here..well, after going to the "Real Cloud" website.  It didn't remove the file it just uploaded it to cyberspace and it was an image file that shouldn't be of interest to anyone.  Weird stuff.  Since I upgraded to Windows 10 my browsers are driving me nuts too.  Oh well.  I'll let you all know what I discover and thank you for the input. 



#10 ScathEnfys


Posted 02 May 2016 - 12:52 PM

Due to the high amount of PUPs present, their lack of appearing on your add/remove programs list, and your various other strange problems, I am going to ask that this is moved to the "Am I Infected?" forum. As I am still in training, I will not be able to assist you there, but you should be assisted there shortly.

#11 boopme


Posted 02 May 2016 - 01:34 PM

Moved





