
Have a virus - Do not know what.


  • This topic is locked
37 replies to this topic

#1 coachoflife

  • Members
  • 118 posts

Posted 27 June 2016 - 05:30 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by John (2016-06-27 23:26:43)
Running from C:\Users\John\Downloads
Windows 8.1 Connected (X64) (2016-06-27 04:49:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2947496949-1313208790-3359982435-500 - Administrator - Disabled)
Guest (S-1-5-21-2947496949-1313208790-3359982435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947496949-1313208790-3359982435-1003 - Limited - Enabled)
John (S-1-5-21-2947496949-1313208790-3359982435-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.907 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F710E3C-CFBA-41C5-A891-43996960558C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-18] (Lenovo)
Task: {10456C2F-FD12-4A36-AB0E-8EFFD5C2170E} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2022B68B-1BF8-4B68-AA76-C41347F873A5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {4753BBCC-8701-44E8-A642-4CBD93C08A5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
Task: {727563B7-2718-43A7-8F5C-3FEE3E683B32} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {A3BE4E8E-7968-47C4-9C59-07F10C776DAC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-18] ()
Task: {AC7342AA-9D88-4326-A415-E509EE6EFA92} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {CE3937EF-0A36-4591-AF2F-90F86028F26C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
Task: {DDF046B5-5109-49A7-906C-4C1E46E642B6} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {F7363B28-8C39-47C6-9446-C2B24AC84436} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-27] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-10 05:34 - 2011-08-17 04:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-08-10 05:50 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-06-27 07:54 - 2016-06-23 14:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-27 07:54 - 2016-06-23 14:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2009-12-05 00:59 - 2009-12-05 00:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 01:04 - 2009-12-05 01:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "jmesoft"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C7618433-CEDF-4D9F-BBF4-89DE5032E38A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AFF1105-9103-435B-ACDC-0530BE0692E7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1AAF4B19-3558-4D71-9A1E-69D0D4FA9D07}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{2847AD01-714E-412B-80EC-6A4EDF395E56}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2386ABE3-7B34-40F2-A338-2982A32834D1}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7CAD4D83-C403-4550-9E04-D6DB3C86E162}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AE393ABF-4C4B-4273-988B-E99C8F5812E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AC52C6E9-4890-4D31-AF81-2338F3B716CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77365925-3F49-486D-9A1C-499E861DFA8E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C28D98C8-79E1-4BAA-BBFA-D1768164220A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
==================== Restore Points =========================
 
27-06-2016 05:47:36 Windows Modules Installer
27-06-2016 07:21:16 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2016 07:51:20 AM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0
 
Error: (06/27/2016 05:44:42 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-06-27T04:44:42.000000000Z'/><EventRecordID>322</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Lenovo-PC</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4C0065006E006F0076006F002D00500043005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion.  Error code %2.
 
%3.
 
 
System errors:
=============
Error: (06/27/2016 07:45:51 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/27/2016 07:45:44 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/27/2016 07:45:33 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:33 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:33 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:32 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:32 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/27/2016 07:45:32 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:32 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/27/2016 07:45:31 PM) (Source: DCOM) (EventID: 10005) (User: Lenovo-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 39%
Total physical RAM: 3983.68 MB
Available physical RAM: 2424.68 MB
Total Virtual: 5391.68 MB
Available Virtual: 3483.95 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:417.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 712BA21C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02
Ran by John (administrator) on LENOVO-PC (27-06-2016 23:24:49)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DABC8EA0-2EB0-413F-AB21-5EDB3D69D8D0}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/webhp?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> DefaultScope {74364BBA-F145-480B-B5B6-95E76248E02F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {74364BBA-F145-480B-B5B6-95E76248E02F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {898D2593-3F42-422A-BDFA-B44783FD8491} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2013-09-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2013-09-25] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2013-09-25] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2013-09-25] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-27] (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-06-27] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-27]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-27]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-27]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-15] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-27] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [184800 2013-12-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-06] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-06] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-06] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-06] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-06] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-06] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-06] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-27 23:24 - 2016-06-27 23:25 - 00011392 _____ C:\Users\John\Downloads\FRST.txt
2016-06-27 23:24 - 2016-06-27 23:24 - 02389504 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2016-06-27 23:24 - 2016-06-27 23:24 - 00000000 ____D C:\FRST
2016-06-27 23:22 - 2016-06-27 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-06-27 19:48 - 2016-06-27 19:48 - 00003176 ____N C:\bootsqm.dat
2016-06-27 19:34 - 2016-06-27 19:34 - 00000000 ____D C:\WINDOWS\pss
2016-06-27 19:20 - 2016-06-27 19:20 - 00001138 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-06-27 19:20 - 2016-06-27 19:20 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-06-27 19:19 - 2016-06-27 19:19 - 02026456 _____ C:\Users\John\Downloads\dixmlsetup.exe
2016-06-27 19:16 - 2016-06-27 19:16 - 00000000 ____D C:\Users\John\AppData\Local\Steam
2016-06-27 19:16 - 2016-06-27 19:16 - 00000000 ____D C:\Users\John\AppData\Local\CEF
2016-06-27 19:13 - 2016-06-27 23:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-27 19:13 - 2016-06-27 19:13 - 00000990 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-27 19:13 - 2016-06-27 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-27 19:12 - 2016-06-27 19:13 - 01380712 _____ C:\Users\John\Downloads\SteamSetup.exe
2016-06-27 14:20 - 2016-06-27 14:20 - 00000000 _____ C:\Recovery.txt
2016-06-27 07:54 - 2016-06-27 23:20 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-27 07:54 - 2016-06-27 20:04 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-27 07:54 - 2016-06-27 17:35 - 00000000 ____D C:\Users\John\AppData\Local\Google
2016-06-27 07:54 - 2016-06-27 07:59 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-27 07:54 - 2016-06-27 07:59 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-27 07:54 - 2016-06-27 07:54 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-27 07:54 - 2016-06-27 07:54 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-27 07:54 - 2016-06-27 07:54 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-27 07:53 - 2016-06-27 07:54 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2016-06-27 07:53 - 2016-06-27 07:53 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2016-06-27 07:40 - 2016-06-27 07:48 - 00000000 ____D C:\Users\John\AppData\Roaming\ZHP
2016-06-27 07:40 - 2016-06-27 07:40 - 02274304 _____ C:\Users\John\Downloads\ZHPCleaner.exe
2016-06-27 07:25 - 2016-06-27 07:25 - 00752296 _____ C:\Users\John\Downloads\Adware Removal Tool by TSA.exe
2016-06-27 07:25 - 2016-06-27 07:25 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-06-27 07:25 - 2016-06-27 07:25 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-27 07:21 - 2016-06-27 07:21 - 01610816 _____ (Malwarebytes) C:\Users\John\Downloads\JRT.exe
2016-06-27 07:14 - 2016-06-27 07:17 - 00000000 ____D C:\AdwCleaner
2016-06-27 07:14 - 2016-06-27 07:14 - 03703360 _____ C:\Users\John\Downloads\adwcleaner_5.200.exe
2016-06-27 07:11 - 2016-06-27 07:11 - 00003344 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2016-06-27 07:11 - 2016-06-27 07:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-27 07:07 - 2016-06-27 07:07 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieUserList
2016-06-27 07:07 - 2016-06-27 07:07 - 00000000 __SHD C:\Users\John\AppData\LocalLow\EmieSiteList
2016-06-27 07:07 - 2016-06-27 07:07 - 00000000 __SHD C:\Users\John\AppData\Local\EmieUserList
2016-06-27 07:07 - 2016-06-27 07:07 - 00000000 __SHD C:\Users\John\AppData\Local\EmieSiteList
2016-06-27 06:01 - 2016-06-27 06:01 - 00000000 ____D C:\Users\John\AppData\Local\GWX
2016-06-27 05:56 - 2016-06-27 23:25 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2947496949-1313208790-3359982435-1001
2016-06-27 05:52 - 2016-06-27 05:53 - 00000000 ____D C:\Users\John\AppData\Local\Lenovo
2016-06-27 05:51 - 2016-06-27 05:51 - 00000000 ____D C:\Users\John\AppData\Roaming\Lenovo
2016-06-27 05:51 - 2016-06-27 05:51 - 00000000 ____D C:\Users\John\AppData\Local\Power2Go
2016-06-27 05:50 - 2016-06-27 05:52 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2016-06-27 05:50 - 2016-06-27 05:50 - 00001457 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-27 05:50 - 2016-06-27 05:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-27 05:50 - 2016-06-27 05:50 - 00000020 ___SH C:\Users\John\ntuser.ini
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 _SHDL C:\Users\John\My Documents
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 _SHDL C:\Users\John\Documents\My Music
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 ____D C:\Users\John
2016-06-27 05:50 - 2016-06-27 05:50 - 00000000 ____D C:\ProgramData\eBay
2016-06-27 05:50 - 2014-08-10 05:52 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2016-06-27 05:50 - 2014-03-18 10:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-06-27 05:50 - 2014-03-18 10:54 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-06-27 05:48 - 2016-06-27 05:51 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-06-27 05:48 - 2016-06-27 05:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-06-27 05:47 - 2015-11-14 15:50 - 00133248 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-06-27 05:47 - 2015-11-14 15:50 - 00114160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-06-27 05:47 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-27 05:47 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-27 05:47 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-06-27 05:47 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-27 05:47 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-06-27 05:47 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-06-27 05:47 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-06-27 05:47 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-06-27 05:47 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-27 05:47 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-06-27 05:47 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-06-27 05:47 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-06-27 05:47 - 2015-08-11 03:47 - 02757072 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-27 05:47 - 2015-08-11 03:47 - 02414096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-27 05:47 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-06-27 05:47 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-27 05:47 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-06-27 05:47 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-27 05:47 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-06-27 05:47 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2016-06-27 05:44 - 2016-06-27 05:44 - 00000000 __RHD C:\Users\Public\AccountPictures
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-27 23:22 - 2014-08-10 05:42 - 00001871 _____ C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2016-06-27 19:54 - 2014-03-18 10:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-27 19:54 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-27 19:48 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-27 18:29 - 2014-08-10 05:40 - 00000000 ____D C:\Program Files\Lenovo
2016-06-27 18:29 - 2014-08-10 05:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-27 17:28 - 2014-08-10 05:40 - 00000000 ____D C:\ProgramData\McAfee
2016-06-27 17:22 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-27 14:20 - 2013-08-22 16:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-06-27 13:22 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-06-27 07:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-27 07:19 - 2014-08-10 05:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-27 07:19 - 2013-08-22 15:44 - 00344624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-27 07:17 - 2014-08-10 05:42 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-06-27 07:11 - 2014-08-10 05:40 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-06-27 07:10 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-27 05:57 - 2014-08-10 05:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-06-27 05:51 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-27 05:50 - 2014-04-02 18:34 - 00000000 ____D C:\WINDOWS\Panther
2016-06-27 05:48 - 2013-08-22 16:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-27 05:48 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
 
==================== Files in the root of some directories =======
 
2014-08-10 05:32 - 2014-08-10 05:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\_is2559.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-10 05:24
 
==================== End of FRST.txt ============================
 


I have come across windows service loader in startup.

Edited by hamluis, 28 June 2016 - 06:27 AM.



 


#2 mAL_rEm018

  • Malware Response Team

Posted 29 June 2016 - 06:10 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello coachoflife,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

While I am reviewing the logs you provided, I would like you to post a detailed description of what is happening with your computer.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 coachoflife

  • Topic Starter

Posted 29 June 2016 - 07:47 PM

Thank you for helping me.  I have backed up my files with DriveImage XML.

On my computer I have found Windows service loader.  The problems I have are things being loaded up in icons, things being attempted to load up before my router has fully loaded, computer running slowly, messages appearing telling me different things that do not strike me as being right, pages not being how they should look after I have been directed to them (I use them frequently), and I get a lot of viruses from websites that have always been fine (usually websites that are well known like YouTube).  I think I have had the same problem for about a year and a half from picking up the Google redirect virus (this went and something else took its place).  I bought 2 other computers, accessed the exact same site and got the exact same virus, which I did not think would happen.  Got another computer fixed (not told what the virus was), then got tons of viruses and my C drive stopped working.



#4 mAL_rEm018


Posted 29 June 2016 - 09:23 PM

Hello coachoflife,

 

Please follow the steps below..


Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

 

Next..


Adwcleaner


  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point

 

I need you to run a search using FRST..

 

  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • AdwCleaner Log
  • Search.txt

 




#5 coachoflife


Posted 30 June 2016 - 02:13 AM

Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by John (2016-06-30 08:11:03)
Running from C:\Users\John\Downloads
Boot Mode: Normal
 
================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========
 
 
===================== Search result for "babylon" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
 
===================== Search result for "Searchqu" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
 
[HKEY_USERS\S-1-5-21-2947496949-1313208790-3359982435-1001\Software\Classes\ActivatableClasses\CLSID\{EAA023A2-8D8C-522F-AF02-7CD01E501554}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
 
[HKEY_USERS\S-1-5-21-2947496949-1313208790-3359982435-1001_Classes\ActivatableClasses\CLSID\{EAA023A2-8D8C-522F-AF02-7CD01E501554}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
 
====== End of Search ======


#6 coachoflife


Posted 30 June 2016 - 02:22 AM

Had no problems following instructions.  Found windows update in task manager and removed it.

 

# AdwCleaner v5.200 - Logfile created 30/06/2016 at 08:15:59
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-29.1 [Server]
# Operating system : Windows 8.1 Connected  (X64)
# Username : John - LENOVO-PC
# Running from : C:\Users\John\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1759 bytes] - [27/06/2016 07:17:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1085 bytes] - [30/06/2016 07:53:41]
C:\AdwCleaner\AdwCleaner[C3].txt - [866 bytes] - [30/06/2016 08:15:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [1630 bytes] - [27/06/2016 07:15:04]
C:\AdwCleaner\AdwCleaner[S2].txt - [923 bytes] - [30/06/2016 07:51:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1072 bytes] - [30/06/2016 08:14:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1156 bytes] ##########


#7 coachoflife


Posted 30 June 2016 - 05:45 PM

have mcafee real protect (removed mcafee from computer) and GWX (removed previously) in task manager.



#8 mAL_rEm018


Posted 30 June 2016 - 10:56 PM

Hello coachoflife,


Please tell me why you did the following..

  • Found windows update in task manager and removed it.

  • have mcafee real protect (removed mcafee from computer)

Please do not stop processes and/or delete programs without checking with me first..  If you are unsure about anything feel free to ask me.


I also notice a few things with the AdwCleaner log that you provided and we should address them before we continue any further.  I asked you to run the program and to not select Cleaning...  Not only did you select cleaning, but you also ran the program twice!  I am not trying to reprimand you by writing this, however I want you to be aware that the tools we are using for cleaning can sometimes be very powerful and could cause serious damage to your computer if used incorrectly.  In the future please follow my instructions carefully and never run a tool twice unless I say so.


Now let's get to work.. :)  


Please navigate to the following location:

C:\AdwCleaner\AdwCleaner[C1].txt
C:\AdwCleaner\AdwCleaner[C2].txt

Please post AdwCleaner[C1].txt and AdwCleaner[C2].txt in your next reply.

I think it would be a good idea to see a fresh set of FRST logs..
 

  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..

  • Answer to my question.
  • AdwCleaner[C1].txt
  • AdwCleaner[C2].txt
  • FRST.txt
  • Addition.txt

 




#9 coachoflife


Posted 01 July 2016 - 12:52 AM

I removed things as I did not know it was a problem, but now that I do, I will do nothing unless you say so.  AdwCleaner I have only used as a cleaner, so it did not cross my mind it would be anything else.  Did not read the whole thing properly as a result, will know differently now.  I removed McAfee as I never keep McAfee; I prefer Microsoft Security Essentials as it is free.

 

# AdwCleaner v5.201 - Logfile created 01/07/2016 at 06:48:16
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 8.1 Connected  (X64)
# Username : John - LENOVO-PC
# Running from : C:\Users\John\Downloads\AdwCleaner (3).exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1759 bytes] - [27/06/2016 07:17:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1085 bytes] - [30/06/2016 07:53:41]
C:\AdwCleaner\AdwCleaner[C3].txt - [1235 bytes] - [30/06/2016 08:15:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [1630 bytes] - [27/06/2016 07:15:04]
C:\AdwCleaner\AdwCleaner[S2].txt - [923 bytes] - [30/06/2016 07:51:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1072 bytes] - [30/06/2016 08:14:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [1068 bytes] - [01/07/2016 06:48:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1141 bytes] ##########



#10 coachoflife


Posted 01 July 2016 - 01:35 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by John (2016-07-01 07:32:40)
Running from C:\Users\John\Downloads
Windows 8.1 Connected (Update) (X64) (2016-06-27 04:49:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2947496949-1313208790-3359982435-500 - Administrator - Disabled)
Guest (S-1-5-21-2947496949-1313208790-3359982435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947496949-1313208790-3359982435-1003 - Limited - Enabled)
John (S-1-5-21-2947496949-1313208790-3359982435-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F710E3C-CFBA-41C5-A891-43996960558C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-18] (Lenovo)
Task: {10456C2F-FD12-4A36-AB0E-8EFFD5C2170E} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2022B68B-1BF8-4B68-AA76-C41347F873A5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {A3BE4E8E-7968-47C4-9C59-07F10C776DAC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-18] ()
Task: {AC7342AA-9D88-4326-A415-E509EE6EFA92} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {DDF046B5-5109-49A7-906C-4C1E46E642B6} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-18] (Lenovo)
Task: {F7363B28-8C39-47C6-9446-C2B24AC84436} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-06-27] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-08-10 05:34 - 2011-08-17 04:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-08-10 05:50 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2009-12-05 00:59 - 2009-12-05 00:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 01:04 - 2009-12-05 01:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "jmesoft"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C7618433-CEDF-4D9F-BBF4-89DE5032E38A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1AAF4B19-3558-4D71-9A1E-69D0D4FA9D07}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{2847AD01-714E-412B-80EC-6A4EDF395E56}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2386ABE3-7B34-40F2-A338-2982A32834D1}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AE393ABF-4C4B-4273-988B-E99C8F5812E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AC52C6E9-4890-4D31-AF81-2338F3B716CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77365925-3F49-486D-9A1C-499E861DFA8E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C28D98C8-79E1-4BAA-BBFA-D1768164220A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

==================== Restore Points =========================

27-06-2016 05:47:36 Windows Modules Installer
27-06-2016 07:21:16 JRT Pre-Junkware Removal
30-06-2016 07:38:33 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2016 07:16:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d54

Start Time: 01d1d35f21ab54cf

Termination Time: 46

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 4723292c-3f53-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:09:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c1c

Start Time: 01d1d35eec3ea67f

Termination Time: 31

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 5df23bc0-3f52-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:06:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd0

Start Time: 01d1d35e980a74f7

Termination Time: 48

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: f15ee202-3f51-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:05:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 490

Start Time: 01d1d35e57b171e0

Termination Time: 46

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: d17d7047-3f51-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:03:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a38

Start Time: 01d1d35df2d112d9

Termination Time: 36

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 941dd6b0-3f51-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:01:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 648

Start Time: 01d1d35df2d37535

Termination Time: 36

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 4dcacce8-3f51-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/01/2016 07:01:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e68

Start Time: 01d1d3568633b1c0

Termination Time: 44

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 2d749508-3f51-11e6-8267-c03fd59bd11a

Faulting package full name:

Faulting package-relative application ID:

Error: (06/29/2016 09:00:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotosApp.exe, version: 6.3.9600.17031, time stamp: 0x530857af
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0x40000015
Fault offset: 0x0000000000055326
Faulting process id: 0xf20
Faulting application start time: 0xPhotosApp.exe0
Faulting application path: PhotosApp.exe1
Faulting module path: PhotosApp.exe2
Report Id: PhotosApp.exe3
Faulting package full name: PhotosApp.exe4
Faulting package-relative application ID: PhotosApp.exe5

Error: (06/29/2016 07:23:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PhotosApp.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8cc

Start Time: 01d1d1ce9696593b

Termination Time: 4294967295

Application Path: C:\WINDOWS\FileManager\PhotosApp.exe

Report Id: de971524-3dc1-11e6-825f-c03fd59bd11a

Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Microsoft.Windows.PhotoManager

Error: (06/29/2016 07:22:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Lenovo-PC)
Description: App FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager did not launch within its allotted time.

System errors:
=============
Error: (07/01/2016 06:16:42 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/01/2016 06:16:11 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/01/2016 06:07:26 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/01/2016 06:06:56 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/01/2016 05:33:34 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/01/2016 05:33:04 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/01/2016 04:39:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:27:43 on 01/07/2016 was unexpected.

Error: (06/30/2016 10:47:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:07:43 on 30/06/2016 was unexpected.

Error: (06/30/2016 08:39:49 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/30/2016 08:39:19 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

==================== Memory info ===========================

Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 43%
Total physical RAM: 3983.68 MB
Available physical RAM: 2239.81 MB
Total Virtual: 5391.68 MB
Available Virtual: 3258.21 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:381.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 712BA21C)

Partition: GPT.

==================== End of Addition.txt ============================



#11 coachoflife

  • Topic Starter

Posted 01 July 2016 - 01:49 AM

So many problems loading up the logs, as pasting them was not allowed. It kept telling me BleepingComputer was not responding, and then when I finally did get both loaded up and pressed Save Changes, I got a "took too long" message and had to come out and try again. Up now, hopefully, but a bit of a struggle.



#12 mAL_rEm018

  • Malware Response Team

Posted 01 July 2016 - 06:43 PM

Hello coachoflife,
 

> AdwCleaner I have only used as a cleaner, so it did not cross my mind it would be anything else.

The reason I wanted to see what was flagged by the program before selecting cleaning, is that sometimes there can be "false positives".  It does not happen often, but I always prefer to err on the side of caution.



> So many problems loading up the logs, as pasting them was not allowed. It kept telling me BleepingComputer was not responding, and then when I finally did get both loaded up and pressed Save Changes, I got a "took too long" message and had to come out and try again. Up now, hopefully, but a bit of a struggle.

    
This might have simply been a problem with the forum software.  If this issue persists please let me know.

I don't see the FRST.txt log, could you post it in your next reply?  If you are unable to post the log, please feel free to attach it.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#13 coachoflife

  • Topic Starter

Posted 01 July 2016 - 10:17 PM

Had the same problem trying to load up the log, so I have done as you suggested.

Attached Files

  • Attached File  FRST.txt   490.91KB   7 downloads


#14 mAL_rEm018

  • Malware Response Team

Posted 02 July 2016 - 04:36 PM

Hello coachoflife,


Please run the following fix.
 

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [2010992 2016-06-29] (McAfee Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {898D2593-3F42-422A-BDFA-B44783FD8491} URL =
2016-06-29 08:11 - 2016-06-29 08:11 - 00000112 ___RH C:\Users\John\Downloads\Stinger.opt
2016-06-29 08:07 - 2016-06-29 08:11 - 00000000 ____D C:\Program Files (x86)\stinger
2016-06-29 08:07 - 2016-06-29 08:08 - 00000813 _____ C:\Users\John\Downloads\Stinger_29062016_080752.html
2016-06-29 08:07 - 2016-06-29 08:07 - 16575344 _____ (McAfee Inc) C:\Users\John\Downloads\stinger32.exe
2016-06-29 08:07 - 2016-06-29 08:07 - 00000000 ____D C:\Program Files\McAfee
2016-06-27 05:50 - 2016-06-27 05:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
CreateRestorePoint:
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


How is your computer behaving now?



-----------------------------------------
In your next reply, I would like to see..


  • fixlist.txt
  • Update on your computer's behaviour.

 




#15 coachoflife

  • Topic Starter

Posted 02 July 2016 - 08:44 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by John (2016-07-03 02:38:38) Run:1
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [2010992 2016-06-29] (McAfee Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2947496949-1313208790-3359982435-1001 -> {898D2593-3F42-422A-BDFA-B44783FD8491} URL =
2016-06-29 08:11 - 2016-06-29 08:11 - 00000112 ___RH C:\Users\John\Downloads\Stinger.opt
2016-06-29 08:07 - 2016-06-29 08:11 - 00000000 ____D C:\Program Files (x86)\stinger
2016-06-29 08:07 - 2016-06-29 08:08 - 00000813 _____ C:\Users\John\Downloads\Stinger_29062016_080752.html
2016-06-29 08:07 - 2016-06-29 08:07 - 16575344 _____ (McAfee Inc) C:\Users\John\Downloads\stinger32.exe
2016-06-29 08:07 - 2016-06-29 08:07 - 00000000 ____D C:\Program Files\McAfee
2016-06-27 05:50 - 2016-06-27 05:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
CreateRestorePoint
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RealProtect => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2947496949-1313208790-3359982435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{898D2593-3F42-422A-BDFA-B44783FD8491}" => key removed successfully
HKCR\CLSID\{898D2593-3F42-422A-BDFA-B44783FD8491} => key not found.
C:\Users\John\Downloads\Stinger.opt => moved successfully
C:\Program Files (x86)\stinger => moved successfully
C:\Users\John\Downloads\Stinger_29062016_080752.html => moved successfully
C:\Users\John\Downloads\stinger32.exe => moved successfully

"C:\Program Files\McAfee" folder move:

Could not move "C:\Program Files\McAfee" => Scheduled to move on reboot.

C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

CreateRestorePoint => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12056314 B
Java, Flash, Steam htmlcache => 27011854 B
Windows/system/drivers => 5481883 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 19706 B
NetworkService => 5842 B
John => 3429292 B

RecycleBin => 0 B
EmptyTemp: => 53.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-03 02:40:39)

C:\Program Files\McAfee => Is moved successfully

==== End of Fixlog 02:40:39 ====





