
unable to remove shopop



Hello

 

Earlier today I did something stupid and allowed malware to infect my PC. Thanks to Malwarebytes, all of the issues caused by the malware were solved. Afterwards, I began uninstalling the toolbars and other programs that were installed due to my mistake. Unfortunately, this program called shopop is not uninstalling. When I try to uninstall it, this shows up: [screenshot attached]

Then Malwarebytes indicates an alert: [screenshot attached]

 

This is my protection log

 

01/09 00:25:40 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSIB5AA.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:25:50 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSIDE80.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:25:51 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
2014/01/09 00:26:12 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSI3404.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:26:12 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
2014/01/09 00:26:15 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSI3DA9.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:26:15 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
2014/01/09 00:28:02 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSIE0AC.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:28:02 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
2014/01/09 00:29:50 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSI84D8.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:29:50 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
 
No issues with the PC, but it's bugging me.
 
Thank you
 
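The protection log in the post follows a fixed line format, and each quarantine failure is written as a separate ERROR record right after the DETECTION it belongs to. The following Python parser is an added example (not from the post, and not Malwarebytes' own code): it reads that format, attaches each failure to the detection it follows, and flags detections whose path is a Windows Installer temporary file, which is where every hit in the post sits. The first line of the log in the post is missing its year, so the parser accepts a date with or without one; the sample lines below are a constructed subset in that same shape.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the protection log quoted in the post
# (the first line there is missing its year, so that case is kept here on purpose).
SAMPLE_LOG = r"""
01/09 00:25:40 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSIB5AA.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:25:50 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSIDE80.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:25:51 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
2014/01/09 00:26:12 -0800 LASHONDA Malisha DETECTION C:\Windows\Installer\MSI3404.tmp PUP.Optional.SmartBar QUARANTINE
2014/01/09 00:26:12 -0800 LASHONDA Malisha ERROR Quarantine failed:  SDKQuarantine failed with error code 2
"""

# Common prefix: date (year optional), time, UTC offset, host, user, record kind, remainder.
LINE_RE = re.compile(
    r"^(?P<date>(?:\d{4}/)?\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>DETECTION|ERROR) (?P<rest>.*)$"
)
# DETECTION remainder: the path may contain spaces, the threat name and action never do.
DETECTION_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+) (?P<action>\S+)$")
ERROR_RE = re.compile(r"^Quarantine failed:\s*(?P<detail>.+)$")
# Temporary files the Windows Installer service writes while an MSI package runs.
INSTALLER_TMP_RE = re.compile(r"^[a-z]:\\windows\\installer\\msi[0-9a-f]{4}\.tmp$", re.IGNORECASE)


@dataclass
class Detection:
    date: str
    time: str
    path: str
    threat: str
    action: str
    error: Optional[str] = None  # filled from the ERROR line that follows a failed quarantine

    @property
    def error_code(self) -> Optional[int]:
        """Numeric code at the end of 'SDKQuarantine failed with error code N', if present."""
        if self.error is None:
            return None
        m = re.search(r"error code (\d+)$", self.error)
        return int(m.group(1)) if m else None

    @property
    def in_installer_tmp(self) -> bool:
        return INSTALLER_TMP_RE.match(self.path) is not None


def parse_protection_log(text: str) -> list:
    """Parse protection-log lines into Detection records, attaching quarantine errors."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown record type: skip rather than abort on one odd line
        if m["kind"] == "DETECTION":
            d = DETECTION_RE.match(m["rest"])
            if d:
                detections.append(Detection(m["date"], m["time"], d["path"], d["threat"], d["action"]))
        else:
            e = ERROR_RE.match(m["rest"])
            # The log writes the failure immediately after the detection it belongs to,
            # so attach it to the latest detection that has no outcome recorded yet.
            if e and detections and detections[-1].error is None:
                detections[-1].error = e["detail"]
    return detections


def summarize(detections) -> dict:
    """Counts an analyst wants at a glance: what was caught, and what actually got quarantined."""
    failed = [d for d in detections if d.error is not None]
    return {
        "detections": len(detections),
        "quarantined": sum(1 for d in detections if d.action == "QUARANTINE" and d.error is None),
        "quarantine_failed": len(failed),
        "windows_installer_tmp": sum(1 for d in detections if d.in_installer_tmp),
        "threats": Counter(d.threat for d in detections),
        "error_codes": Counter(d.error_code for d in failed),
    }


if __name__ == "__main__":
    for d in parse_protection_log(SAMPLE_LOG):
        outcome = "quarantined" if d.error is None else f"FAILED ({d.error})"
        print(f"{d.date} {d.time}  {d.threat:<24} {d.path}  ->  {outcome}")
    print(summarize(parse_protection_log(SAMPLE_LOG)))
```

Run against the full log in the post, the summary shows one quarantined and five failed detections, all of them MSI temporary files, which is the pattern to look for when an uninstaller keeps re-triggering the same alert.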

Hello WildBaconBill and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Thank you very much for your help. Malwarebytes has kept me malware free for so long, I forgot that I can contact customer support. 

Here are the logs.

 

OTL logfile created on: 1/9/2014 9:46:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Malisha\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.75% Memory free
9.12 Gb Paging File | 6.62 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 883.84 Gb Total Space | 789.45 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.40 Gb Free Space | 89.58% Space Free | Partition Type: NTFS
 
Computer Name: LASHONDA | User Name: Malisha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/09 09:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malisha\Downloads\OTL.exe
PRC - [2013/12/05 21:09:40 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\Malisha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/16 12:37:50 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/07/27 10:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/15 23:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/17 15:24:14 | 000,181,760 | ---- | M] () -- C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0\plugin\ace.dll
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/16 13:19:22 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013/11/07 19:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/21 17:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/18 21:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 08:23:32 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/10/04 00:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/29 20:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 20:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 20:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/29 20:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/04 17:12:54 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/08/22 04:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 01:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/07/27 00:49:33 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/03/28 21:42:30 | 000,077,352 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2012/09/06 14:53:50 | 000,957,304 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/07/18 11:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/07/18 11:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/07/18 11:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/07/18 11:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/07/15 23:49:46 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/11/16 13:16:53 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/11/16 13:16:53 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/10/08 18:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/03 22:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/29 20:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/05 01:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/02/10 15:55:30 | 000,012,288 | ---- | M] (Chris Pietschmann (http://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/16 12:37:50 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/15 23:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/06/25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/10 18:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 03:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 03:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 16:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 17:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 18:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/03 22:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/29 20:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 20:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 20:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 19:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 19:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 01:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 01:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/09/05 01:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/09/04 17:12:52 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/09/04 17:12:38 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 04:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 04:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 04:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/08 10:37:41 | 003,344,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/06/18 06:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013/05/14 11:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/25 00:47:43 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/10/25 00:47:43 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/08/29 20:53:58 | 000,186,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/08/29 20:53:56 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/08/29 20:53:54 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/08/26 18:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/26 18:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 12:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/09 18:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/07/26 18:18:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/07/02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/21 22:22:16 | 000,174,176 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/06/19 06:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 04:31:06 | 008,222,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2012/06/13 16:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV - [2012/07/24 17:34:32 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC470FD0F-C16B-4C11-BBAC-79E58EE519C0&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Malisha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Malisha\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Malisha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Malisha\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Malisha\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/27 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\FreeRide Games\npExentControl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - Extension: Chrome Refresh = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0\
CHR - Extension: Google Drive = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: StayFocusd = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0\
CHR - Extension: Hangouts = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0\
CHR - Extension: Google Wallet = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0\
CHR - Extension: Gmail = C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/22 05:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [intellingentTouchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe (Microsoft)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-864825927-220348576-1205547705-1002..\Run: [GoogleChromeAutoLaunch_C65211AA77509B2C6D1BFDADC8D3ECB2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-864825927-220348576-1205547705-1002..\Run: [spotify Web Helper] C:\Users\Malisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-864825927-220348576-1205547705-1002..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}  (ExentInf1 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31CCB54E-8093-4281-BA15-8495035DF494}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CA81EF-4D67-48D0-8D4D-16CDE870D378}: DhcpNameServer = 10.1.0.50 10.1.0.51 4.2.2.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/08 23:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2014/01/08 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2014/01/08 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/08 23:16:27 | 000,000,000 | ---D | C] -- C:\Users\Malisha\Desktop\mbar
[2014/01/08 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Roaming\vlc
[2014/01/08 21:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/01/08 20:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/08 20:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/01/08 20:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/08 20:39:13 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Roaming\Systweak
[2014/01/08 20:39:11 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\SysNative\roboot64.exe
[2014/01/08 20:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/01/08 20:37:37 | 000,000,000 | ---D | C] -- C:\Users\Malisha\.android
[2014/01/08 20:37:34 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\cache
[2014/01/08 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\SearchProtect
[2014/01/08 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\genienext
[2014/01/08 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Malisha\Documents\Mobogenie
[2014/01/08 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\Mobogenie
[2014/01/06 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Roaming\uTorrent
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/09 09:40:55 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 09:40:05 | 000,001,964 | ---- | M] () -- C:\Users\Malisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
[2014/01/09 09:39:18 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/09 01:25:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002UA.job
[2014/01/09 01:14:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 01:05:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/09 01:05:38 | 2464,374,783 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 23:28:50 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2014/01/08 21:44:24 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/08 18:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002Core.job
[2013/12/25 19:38:44 | 000,001,319 | ---- | M] () -- C:\Users\Malisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/12/13 10:16:49 | 000,436,928 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/12/13 00:11:31 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/13 00:11:31 | 000,732,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/13 00:11:31 | 000,136,262 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2014/01/08 23:28:50 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2014/01/08 21:44:24 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/08 20:39:51 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysNative\sasnative64.exe
[2013/11/16 13:28:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2013/10/03 22:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 22:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 22:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 19:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/27 14:29:00 | 000,941,992 | ---- | C] () -- C:\WINDOWS\SysWow64\WPShellExt64.dll
[2013/02/06 16:37:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/17 23:49:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012/11/30 19:14:31 | 000,000,288 | ---- | C] () -- C:\Users\Malisha\AppData\Roaming\.backup.dm
[2012/10/25 00:22:57 | 000,880,342 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/10/25 00:21:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/07/25 12:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/07/25 12:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/07/17 14:22:04 | 000,179,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/10/26 03:08:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/05 12:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/05 10:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/27 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Ashampoo
[2013/01/24 21:16:04 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\CDisplayEx
[2013/11/16 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\DassaultSystemes
[2013/01/16 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Lenovo
[2013/01/04 00:24:52 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Nitro PDF
[2012/12/23 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Opera
[2013/01/17 23:50:11 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Shark007
[2013/02/26 21:19:18 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Spotify
[2014/01/08 21:11:13 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Systweak
[2014/01/09 01:03:11 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\uTorrent
[2013/01/16 00:19:21 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\WebApp
[2013/01/17 23:39:03 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\Win8codecs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Malisha\SkyDrive:ms-properties
 
< End of report >

OTL Extras logfile created on: 1/9/2014 9:46:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Malisha\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.75% Memory free
9.12 Gb Paging File | 6.62 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 883.84 Gb Total Space | 789.45 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.40 Gb Free Space | 89.58% Space Free | Partition Type: NTFS
 
Computer Name: LASHONDA | User Name: Malisha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()

Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()

Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" =  [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10F79DE1-50AF-4F26-9BE8-FF7AE8DC7A2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{167F72B7-B7E0-4B79-96EA-03C0265A7C0D}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{5073C754-9919-4549-9D72-2FCF0DEE6D7D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 

"{56684D35-910E-4978-97E0-609AF191BA47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{586E375C-2FCA-4262-9DD5-4EF09DA5EAD8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 

"{61DDDAA2-F74A-4FCA-8C36-8440AC5DEBEC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 

"{633F7DFD-A482-4EF5-88EB-CE3E23F519CA}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{642262DA-1383-4B25-9587-B3CFC253E07D}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 

"{718E2A32-29BF-42FB-AB16-14852BBA7502}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{9D356CF6-03BB-4E34-AAFB-B4CA2F3BCFF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B03D436C-00C3-4524-BB76-723EA9D5AF61}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{F787CBE5-56CC-4FDB-B0C8-5E8DDFEB5C0F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F8FD2BC6-123C-4BF5-B0FF-C64F5ECE2B8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{042F7150-A58B-4C88-A6A5-6AC115E7849F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 

"{055FEC87-D792-40B5-BDBE-910A188C71CE}" = dir=out | name=rara music | 

"{0865578E-697F-42B4-8471-A2FDBFF74ED3}" = dir=in | name=check point vpn | 

"{093863D4-5A84-47AF-859B-89990E7A144A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{126BEDDC-7E7C-494F-BEDA-74ED136713B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{137EC450-3FC2-4D6D-B825-4BC7AB5B1B18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{189A465A-7102-4547-8C67-F80E7154C8B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1960690C-231F-4553-919C-805B85454D51}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 



"{231AD399-463E-4B4B-9260-7041CBD001AA}" = dir=in | name=powerdvd for lenovo idea | 

"{237EA446-0957-44CE-9B0B-CEA015E8CA2E}" = dir=out | name=evernote touch | 


"{2A709363-0899-4017-9BCE-D112AF21E23A}" = dir=out | name=ebay | 



"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 | 

"{36F5EC62-027B-451B-8BD1-F335D0755962}" = dir=in | name=evernote touch | 

"{39AB0DAA-91F9-4A1E-AD40-C74828C2DF05}" = dir=out | name=crackle | 

"{39F62F93-D95F-45C7-9FD1-AAC023085254}" = dir=out | name=windows_ie_ac_001 | 

"{3DA4757A-E507-4FCA-ACC9-268ED5D12493}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 

"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 

"{45E2763E-10AD-4669-901E-6194FA2B58C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{4628F867-2A97-4667-9D35-CAA39AE45B09}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{4A35E8ED-86FF-448E-AC15-2ADDC5265EC1}" = protocol=6 | dir=in | app=c:\users\malisha\appdata\roaming\utorrent\utorrent.exe | 


"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 


"{578D8D56-125D-466E-A145-0F1DCBBF524E}" = dir=out | name=f5 vpn | 

"{59821B56-C684-486F-929D-DE7081D979A7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{59B34503-8ED4-46EF-A59D-4B2AC1E9FF11}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 

"{5A84E386-1281-453B-ADA9-5B3F354CEB38}" = protocol=17 | dir=in | app=c:\users\malisha\appdata\roaming\utorrent\utorrent.exe | 

"{5C92BCF0-2694-4D58-900C-A9E845BDEDA5}" = dir=out | name=kindle | 

"{5D178E8F-906B-405F-BF29-4B9AC8369D91}" = protocol=6 | dir=out | app=system | 

"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 



"{670E8473-9A33-4499-ACF7-1D4B9CBC09D9}" = dir=out | name=netflix | 


"{69CCEEB2-BEA3-47B4-9679-1D9A9D36BF30}" = dir=out | name=sonicwall mobile connect | 

"{6B8C0B66-442E-4B65-8AD3-157094A41F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{6B939E17-861F-434F-876A-4CCAE0CE43D0}" = dir=out | name=accuweather for windows 8 | 


"{6D32F97B-A58E-41CA-B43B-50A43986480C}" = dir=in | name=juniper networks junos pulse | 

"{72430FA9-4EB9-46E9-8566-379EC1A0F199}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{748ACD0C-2424-4F88-A30F-84AB9324BC68}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 

"{76428C62-343C-4D49-B1EE-C1E966F40D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 



"{794946A9-771E-4F6C-BB93-A0D96AFAD387}" = dir=out | name=khan academy | 



"{7E89A126-74BE-462E-A945-7F8B1163FEF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 



"{82B95CC7-46D3-4330-8CD5-8614F0E9F318}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{83F37095-503B-4A78-8817-84F944133FFA}" = dir=in | name=sonicwall mobile connect | 

"{89954BBC-2A5B-4844-A45D-988F27979290}" = dir=out | name=windows_ie_ac_001 | 

"{8B064738-CD72-4147-BDBA-41E124EF72FF}" = dir=out | name=reddit to go! | 

"{8B57CD2D-F144-4721-B67A-4924A72E0F15}" = dir=out | name=the cw | 


"{8D9F40E1-F632-4F1D-9E52-0D7F8080157D}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 

"{8F9F861A-8230-4F0A-AB83-261554DEC75D}" = protocol=6 | dir=in | app=c:\users\malisha\appdata\local\google\google talk plugin\googletalkplugin.exe | 


"{980B7CF9-E966-4C1F-972C-03170246E2E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 



"{A23AE530-9B9A-4BC5-B73D-9F8E228E369F}" = dir=in | name=skype | 

"{A4AD77FC-C290-4446-A92C-FBAE93D96CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 

"{A7695190-0897-4E22-9C7C-A031713DB3E9}" = dir=in | name=hp printer control | 

"{ABE62688-2331-425B-B81A-78FF32B5926C}" = dir=out | name=vimeo for lenovo | 

"{AC263601-D7A1-4FB6-8058-3442DCBE7656}" = dir=in | name=f5 vpn | 

"{ADB4D831-1009-451A-B980-4740B8EAA980}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 



"{B347CFAF-04AB-49AC-8580-38488C89DDB4}" = dir=out | name=movies online | 

"{BEBFC459-D3CA-436C-B18C-B3BCD80DA701}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{BEEA7CDA-1B0B-4FC5-BE66-9AC64FC5FA79}" = dir=out | name=juniper networks junos pulse | 

"{C24BB8CB-B89B-4A14-B680-7FFE2F2D8E78}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 


"{C3CF9875-83FA-4AB0-9BD1-8FC056330F48}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 



"{CB90D1BF-D8EE-4A0C-8CCF-1477DEFC1B4B}" = dir=in | name=the espn app | 


"{CD7A5D82-5642-47AD-A966-70B63731AE0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{CDC9120B-F300-4A37-8479-7686DEE40F97}" = dir=in | name=rara music | 



"{D1DF345D-31E0-4732-87C8-786EDC9C0FC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D3A1CAE5-62BE-4575-90DA-6A0BC6A47E1B}" = dir=out | name=lenovo companion | 


"{D6437A5C-D351-4972-B390-7826159F3FF3}" = dir=out | name=check point vpn | 

"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 

"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 

"{DC5C80E5-279F-4C7D-9DB2-462EF619243F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 


"{E1E0EBBF-6B5E-44D5-A973-32664FDA1A12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 


"{E6D7F0D2-7006-43B7-89CD-B7483486A564}" = dir=out | name=lenovo support | 



"{EB925022-5DCE-4733-BBA8-33922BE8FB84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 

"{ED80D08D-024C-441F-A4F8-A1856CD045C0}" = protocol=17 | dir=in | app=c:\users\malisha\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{EE6CB855-524B-4FA2-A87C-0E0129559C12}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{F1D5288B-BB39-46E8-BE53-B05BACEAC5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{F1F9464E-9907-4241-B52A-1AB9F9201E6E}" = dir=out | name=powerdvd for lenovo idea | 

"{F25B6524-0301-4A75-9AFA-A10500262F9C}" = dir=out | name=hp printer control | 


"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 

"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 

"{FC1E34D3-0C13-4B38-BAD4-45436048228F}" = dir=out | name=the espn app | 

"{FFC994FB-AF21-4B8D-96AA-04B4E87CC1BA}" = dir=out | name=skype | 

"TCP Query User{0A6CF2B9-44F2-462A-9689-ADC0AA9EAD20}C:\users\malisha\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\malisha\appdata\local\temp\gw2.exe | 

"TCP Query User{3CDAE868-61BF-4BC4-8915-5164950533CB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 

"TCP Query User{EEE5B074-6D1E-4433-85C6-02BADE6BA345}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 

"TCP Query User{F2ADA132-B443-4FDE-A579-3C9E84227CDB}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"UDP Query User{627068B1-57F9-418F-990C-40EC4BC9A3A4}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"UDP Query User{9AFC20F4-025C-477C-9EFD-A5208FEB7A65}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 

"UDP Query User{B2681DE8-38B4-4E40-893B-B4078256E331}C:\users\malisha\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\malisha\appdata\local\temp\gw2.exe | 

"UDP Query User{E7C72787-FD2C-46C2-8361-10C659ADD061}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{72D264E5-0C44-42DF-820B-621303E5C183}" = Nitro Pro 7

"{7EBF5FF6-B7DB-4F76-942F-BE330F53C3F1}" = MathXpert Calculus Assistant (with Webgrades)

"{89D2FA50-6002-4AFB-8586-3E38B355E891}" = Intel® PROSet/Wireless WiFi Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English

"{AC2165BD-762D-420B-AD33-20FACAA7112B}" = SolidWorks eDrawings 2013 x64 Edition SP03

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.02

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.02

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 7.2.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 7.2.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.1

"{B6B5EA7E-B91F-443D-A958-B0062FB53804}" = SolidWorks 2013 x64 Edition SP03

"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes

"{D638A23C-5C5F-4B71-A354-EC78B2BDD320}" = HP Deskjet 1050 J410 series Product Improvement Study

"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel® WiDi

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F294770E-F869-400F-81C3-614B5F13CA54}" = HP Deskjet 1050 J410 series Basic Device Software

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)

"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)

"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Win8 x64Components_is1" = Win8 x64Components v1.3.9

"WinRAR archiver" = WinRAR 4.20 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX

"{3DF474D5-1D41-43B5-BEA7-7E320542FD61}" = Shopop

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{898E81AD-6DB9-4750-866B-B8958C5DC7AA}" = win8codecs

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{BE905C46-2B34-4D73-AEE1-769ED138E0FF}" = Virtual Router v1.0

"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar

"{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10

"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera

"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"CDisplayEx_is1" = CDisplayEx 1.8

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"DivX Setup" = DivX Setup

"FileASSASSIN" = FileASSASSIN

"Google Chrome" = Google Chrome

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10

"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide

"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center

"Lenovo Photos" = Lenovo Photos

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Opera 12.16.1860" = Opera 12.16

"Revo Uninstaller" = Revo Uninstaller 1.94

"SolidWorks Installation Manager 20130-40300-1100-100" = SolidWorks 2013 x64 Edition SP03

"Steam App 72850" = The Elder Scrolls V: Skyrim

"SugarSync" = SugarSync Manager

"VLC media player" = VLC media player 2.1.2

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-864825927-220348576-1205547705-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 9/7/2013 5:34:46 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1241594

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 2

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 3

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 4

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 5

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 6

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 7

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 8

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 9

 

Error - 9/7/2013 8:15:59 PM | Computer Name = Lashonda | Source = Bonjour Service | ID = 100

Description = ERROR: handle_resolve_request bad interfaceIndex 10

 

[ System Events ]

Error - 12/20/2013 2:22:44 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/22/2013 2:00:01 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/23/2013 7:24:00 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/24/2013 4:31:44 AM | Computer Name = Lashonda | Source = DCOM | ID = 10001

Description = 

 

Error - 12/24/2013 2:00:01 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/25/2013 2:17:11 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/26/2013 2:41:11 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/27/2013 6:33:45 AM | Computer Name = Lashonda | Source = DCOM | ID = 10001

Description = 

 

Error - 12/27/2013 2:03:45 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

Error - 12/28/2013 3:00:12 PM | Computer Name = Lashonda | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >
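The "Vista Active Application Exception List" section of the OTL Extras log above is a dump of every Windows Firewall allow rule on the machine. One thing a helper scans it for is inbound rules whose program lives somewhere a user (or an installer running as the user) can write, such as AppData or Temp, because that is where bundled adware and dropped executables end up. The following is an added example, not part of the thread and not OTL's own code: a small Python triage script, with hypothetical names (`parse_rules`, `assess`, `triage`), that parses rule lines in the OTL format and flags such inbound rules. The sample input is a constructed copy of a few rule lines from the log; the path markers it checks are an assumption about what counts as user-writable.

```python
"""Triage the firewall-exception section of an OTL Extras log.

Hypothetical helper (not part of OTL or the forum thread): parses the
"Vista Active Application Exception List" rule lines and flags inbound
allow rules whose program sits in a user-writable directory.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, copied in the shape of the rule lines in the log above.
SAMPLE_LINES = r'''
"{4A35E8ED-86FF-448E-AC15-2ADDC5265EC1}" = protocol=6 | dir=in | app=c:\users\malisha\appdata\roaming\utorrent\utorrent.exe | 
"{A4AD77FC-C290-4446-A92C-FBAE93D96CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{0A6CF2B9-44F2-462A-9689-ADC0AA9EAD20}C:\users\malisha\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\malisha\appdata\local\temp\gw2.exe | 
"{5D178E8F-906B-405F-BF29-4B9AC8369D91}" = protocol=6 | dir=out | app=system | 
"{A23AE530-9B9A-4BC5-B73D-9F8E228E369F}" = dir=in | name=skype | 
'''

# Each OTL rule line is:  "<rule name>" = key=value | key=value | ...
_RULE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Path fragments treated as user-writable (assumption), most specific first.
USER_WRITABLE = (
    ("\\appdata\\local\\temp\\", "high", "executable run from the user's Temp directory"),
    ("\\appdata\\", "medium", "executable lives under AppData rather than Program Files"),
    ("\\programdata\\", "medium", "executable lives under ProgramData"),
    ("\\downloads\\", "medium", "executable run from a Downloads folder"),
)


@dataclass
class FirewallRule:
    name: str
    fields: Dict[str, str]

    @property
    def direction(self) -> str:
        return self.fields.get("dir", "").lower()

    @property
    def app(self) -> str:
        return self.fields.get("app", "").lower()

    @property
    def user_prompted(self) -> bool:
        # "TCP Query User{GUID}path" / "UDP Query User..." names are the rules
        # Windows writes when the user clicks Allow in the firewall prompt.
        return self.name.startswith(("TCP Query User", "UDP Query User"))


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall rule line; return None for non-rule lines."""
    m = _RULE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return FirewallRule(m.group("name"), fields)


def parse_rules(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r is not None]


def assess(rule: FirewallRule) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for an inbound rule worth a second look, else None."""
    if rule.direction != "in" or not rule.app or rule.app == "system":
        return None
    for marker, severity, reason in USER_WRITABLE:
        if marker in rule.app:
            note = reason
            if rule.user_prompted:
                note += "; rule was created by clicking Allow in the firewall prompt"
            return severity, note
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (app path, severity, reason) for every flagged rule in the log text."""
    findings = []
    for rule in parse_rules(text):
        verdict = assess(rule)
        if verdict is not None:
            findings.append((rule.app, verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for app, severity, reason in triage(SAMPLE_LINES):
        print(f"[{severity}] {app}: {reason}")
```

To use it on a real log, read the file and pass the text to `triage`; lines outside the firewall sections simply fail the regex and are ignored. A flagged rule is a lead, not a verdict: uTorrent under AppData\Roaming is where its installer normally puts it, whereas an inbound rule for an executable that ran out of Temp is the kind of entry the helper would cross-check against the process and uninstall lists in the same log.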

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    IE - HKU\S-1-5-21-864825927-220348576-1205547705-1002\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC470FD0F-C16B-4C11-BBAC-79E58EE519C0&q={searchTerms}&SSPV=

    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found

    [2014/01/08 20:37:34 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\cache

    [2014/01/08 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\SearchProtect

    [2014/01/08 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\genienext

    [2014/01/08 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Malisha\Documents\Mobogenie

    [2014/01/08 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Local\Mobogenie

    [2014/01/06 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Malisha\AppData\Roaming\uTorrent

    [2014/01/09 01:03:11 | 000,000,000 | ---D | M] -- C:\Users\Malisha\AppData\Roaming\uTorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
  • Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL Fix log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 8.1 x64

Ran by Malisha on Fri 01/10/2014 at  9:42:38.82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Users\Malisha\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Malisha\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"

Failed to delete: [File] "C:\end"

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\Users\Malisha\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\Malisha\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Malisha\appdata\local\searchprotect"

Successfully deleted: [Folder] "C:\Users\Malisha\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\Malisha\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Malisha\appdata\locallow\conduit"

Failed to delete: [Folder] "C:\Program Files (x86)\coupons"

Failed to delete: [Folder] "C:\Program Files (x86)\iminent"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 01/10/2014 at  9:47:19.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


# AdwCleaner v3.016 - Report created 10/01/2014 at 09:50:56

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : Malisha - LASHONDA

# Running from : C:\Users\Malisha\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Systweak

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro

Folder Deleted : C:\Program Files (x86)\Iminent

Folder Deleted : C:\Users\Malisha\AppData\Local\Mobogenie

Folder Deleted : C:\Users\Malisha\AppData\Local\Temp\Smartbar

Folder Deleted : C:\Users\Malisha\Documents\Mobogenie

File Deleted : C:\END

File Deleted : C:\WINDOWS\System32\roboot64.exe

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage

File Deleted : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal

File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector

File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup

File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16384

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [6352 octets] - [10/01/2014 09:49:17]

AdwCleaner[s0].txt - [6243 octets] - [10/01/2014 09:50:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6303 octets] ##########

 


All processes killed

========== OTL ==========

HKEY_USERS\S-1-5-21-864825927-220348576-1205547705-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-864825927-220348576-1205547705-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon not found.

C:\Users\Malisha\AppData\Local\cache folder moved successfully.

Folder C:\Users\Malisha\AppData\Local\SearchProtect\ not found.

C:\Users\Malisha\AppData\Local\genienext folder moved successfully.

Folder C:\Users\Malisha\Documents\Mobogenie\ not found.

Folder C:\Users\Malisha\AppData\Local\Mobogenie\ not found.

C:\Users\Malisha\AppData\Roaming\uTorrent folder moved successfully.

Folder C:\Users\Malisha\AppData\Roaming\uTorrent\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Malisha\Downloads\cmd.bat deleted successfully.

C:\Users\Malisha\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default.migrated

 

User: Malisha

->Temp folder emptied: 899535637 bytes

->Temporary Internet Files folder emptied: 226171722 bytes

->Google Chrome cache emptied: 467788313 bytes

->Opera cache emptied: 55870057 bytes

->Flash cache emptied: 8864 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 14245051 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,587.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01102014_095711

 

Files\Folders moved on Reboot...

C:\Users\Malisha\AppData\Local\Temp\winstore.log moved successfully.

C:\Users\Malisha\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 


Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

 

Database version: v2014.01.10.05

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

Malisha :: LASHONDA [administrator]

 

Protection: Enabled

 

1/10/2014 10:03:25 AM

mbam-log-2014-01-10 (10-03-25).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 238746

Time elapsed: 5 minute(s), 8 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :reg

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{3DF474D5-1D41-43B5-BEA7-7E320542FD61}" =-

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
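The OTL fix above removes one orphaned Add/Remove Programs entry from the Uninstall key by its GUID. As an added example (not code from this thread, from OTL, or from any other tool the helper uses), the PowerShell snippet below inventories the same three Uninstall locations (64-bit HKLM, the Wow6432Node view, and HKCU) and flags entries whose uninstall command points at an executable that no longer exists, or whose display name matches a pattern. It is report-only: nothing is deleted, so it is safe to run before deciding what an orphaned entry actually is. The function names are this example's own, and the name pattern is constructed from product names that appear in this thread's logs; MSI-based entries (MsiExec.exe /X{GUID}) are listed but not path-checked, because they resolve through the Windows Installer cache rather than a file path.

```powershell
# Added example: read-only inventory of Add/Remove Programs entries.
# Flags entries whose uninstall command targets a missing file, or whose
# DisplayName matches a watch pattern. Nothing is modified.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallEntry {
    # Returns one object per subkey of each Uninstall root (hypothetical helper name).
    param([string[]]$Roots = $UninstallRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Key             = $_.PSChildName        # often a product GUID
                Root            = $root
                DisplayName     = $props.DisplayName
                Publisher       = $props.Publisher
                UninstallString = $props.UninstallString
            }
        }
    }
}

function Test-UninstallTargetMissing {
    # True when the uninstall command names an executable that is not on disk
    # (hypothetical helper name). MSI entries are skipped: their product lives in
    # the Windows Installer cache, not at a path we can test here.
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $false }
    if ($UninstallString -match 'msiexec') { return $false }
    if ($UninstallString -match '^"([^"]+)"') {
        $exe = $Matches[1]                      # quoted path
    } elseif ($UninstallString -match '^(.+?\.exe)') {
        $exe = $Matches[1]                      # unquoted path up to .exe
    } else {
        return $false                           # cannot parse; do not flag
    }
    return -not (Test-Path -LiteralPath $exe)
}

# Constructed watch pattern, built from names seen in this thread's JRT/AdwCleaner logs.
$WatchPattern = 'shopop|smartbar|conduit|searchprotect|systweak|mobogenie'

Get-UninstallEntry |
    Where-Object {
        ($_.DisplayName -match $WatchPattern) -or
        (Test-UninstallTargetMissing -UninstallString $_.UninstallString)
    } |
    Format-Table Key, DisplayName, Publisher, UninstallString -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM views are readable. An entry that shows up with a missing target is exactly the kind of leftover the helper removed by hand above; the Key column gives the GUID or name to reference, and the registry path to check for Wow6432Node entries is printed alongside it so the correct view is edited.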

All processes killed

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3DF474D5-1D41-43B5-BEA7-7E320542FD61} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default.migrated

 

User: Malisha

->Temp folder emptied: 322744 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Google Chrome cache emptied: 361777045 bytes

->Opera cache emptied: 1193749 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 29325 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 346.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01112014_105744

 

Files\Folders moved on Reboot...

C:\Users\Malisha\AppData\Local\Temp\winstore.log moved successfully.

C:\Users\Malisha\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

C:\WINDOWS\temp\winstore.log moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{3DF474D5-1D41-43B5-BEA7-7E320542FD61}" =-

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed

========== OTL ==========

File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default.migrated

 

User: Malisha

->Temp folder emptied: 59498 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Google Chrome cache emptied: 368377523 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 57307 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 351.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01132014_102803

 

Files\Folders moved on Reboot...

C:\Users\Malisha\AppData\Local\Temp\winstore.log moved successfully.

C:\Users\Malisha\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03

Ran by Malisha (administrator) on LASHONDA on 16-01-2014 10:58:58

Running from C:\Users\Malisha\Downloads

Windows 8.1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\setup.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe

(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Spotify Ltd) C:\Users\Malisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-09-13] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-13] (Realtek Semiconductor)

HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-26] (Synaptics)

HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)

HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-25] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-25] (Lenovo(beijing) Limited)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-26] (Synaptics Incorporated)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)

HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [intellingentTouchpad] - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743136 2013-05-29] (Wondershare)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Malisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199000 2013-02-26] (Spotify Ltd)

HKCU\...\Run: [Google Update] - C:\Users\Malisha\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-12] (Google Inc.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-08] (Valve Corporation)

HKCU\...\Run: [GoogleChromeAutoLaunch_C65211AA77509B2C6D1BFDADC8D3ECB2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)

HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)

AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

Startup: C:\Users\Malisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Malisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

SearchScopes: HKLM - DefaultScope {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM - {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - DefaultScope {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA} URL = 

SearchScopes: HKCU - {BD586D65-F4EA-46BC-AFC2-30DFDBBB00BA} URL = 

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll No File

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll No File

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )

CHR Extension: (Chrome Refresh) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0 [2013-01-13]

CHR Extension: (Google Drive) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2012-11-30]

CHR Extension: (YouTube) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-10]

CHR Extension: (Google Search) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-28]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0 [2013-12-18]

CHR Extension: (StayFocusd) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0 [2013-12-09]

CHR Extension: (Hangouts) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0 [2013-12-17]

CHR Extension: (Google Wallet) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]

CHR Extension: (Auto Refresh Plus) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.23_0 [2013-12-19]

CHR Extension: (Gmail) - C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2012-11-30]

CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Malisha\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-30]

CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Malisha\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-11-30]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]

 

==================== Services (Whitelisted) =================

 

U2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

U2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)

U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)

U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)

U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()

U2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-15] (Nitro PDF Software)

U2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)

U2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com))

U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

U3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)

U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)

U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

U3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)

U3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)

U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

U3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)

U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)

U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-26] (Synaptics Incorporated)

U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

U3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

U2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

U3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-16 10:58 - 2014-01-16 10:59 - 00020543 _____ C:\Users\Malisha\Downloads\FRST.txt

2014-01-16 10:58 - 2014-01-16 10:58 - 00000000 ____D C:\FRST

2014-01-16 10:57 - 2014-01-16 10:57 - 00003691 _____ C:\Users\Malisha\Desktop\FRST64 - Shortcut.lnk

2014-01-16 10:56 - 2014-01-16 10:56 - 02076160 _____ (Farbar) C:\Users\Malisha\Downloads\FRST64.exe

2014-01-15 16:10 - 2013-12-08 16:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2014-01-15 16:10 - 2013-11-27 07:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll

2014-01-15 16:10 - 2013-11-27 03:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe

2014-01-15 16:10 - 2013-11-27 02:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll

2014-01-15 16:10 - 2013-11-27 01:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll

2014-01-15 16:10 - 2013-11-27 00:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 16:10 - 2013-11-27 00:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll

2014-01-15 16:10 - 2013-11-27 00:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 16:10 - 2013-11-27 00:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll

2014-01-15 16:10 - 2013-11-27 00:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-01-15 16:10 - 2013-11-27 00:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-01-12 12:21 - 2014-01-12 12:21 - 00000995 _____ C:\Users\Malisha\Desktop\ComboFix - Shortcut.lnk

2014-01-12 12:20 - 2014-01-12 12:20 - 05164834 _____ (Swearware) C:\Users\Malisha\Downloads\ComboFix.exe

2014-01-10 10:01 - 2014-01-10 10:01 - 00005390 _____ C:\Users\Malisha\Desktop\01102014_095711.log

2014-01-10 09:57 - 2014-01-10 09:57 - 00000000 ____D C:\_OTL

2014-01-10 09:54 - 2014-01-10 09:54 - 00006447 _____ C:\Users\Malisha\Desktop\AdwCleaner[s0].txt

2014-01-10 09:49 - 2014-01-10 09:51 - 00000000 ____D C:\AdwCleaner

2014-01-10 09:48 - 2014-01-10 09:48 - 01233962 _____ C:\Users\Malisha\Downloads\AdwCleaner.exe

2014-01-10 09:47 - 2014-01-10 09:47 - 00004619 _____ C:\Users\Malisha\Desktop\JRT.txt

2014-01-10 09:42 - 2014-01-10 09:42 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-10 09:41 - 2014-01-10 09:42 - 01037068 _____ (Thisisu) C:\Users\Malisha\Downloads\JRT.exe

2014-01-09 09:54 - 2014-01-09 09:54 - 00076764 _____ C:\Users\Malisha\Downloads\Extras.Txt

2014-01-09 09:53 - 2014-01-09 09:53 - 00125472 _____ C:\Users\Malisha\Downloads\OTL.Txt

2014-01-09 09:45 - 2014-01-09 09:45 - 00602112 _____ (OldTimer Tools) C:\Users\Malisha\Downloads\OTL.exe

2014-01-09 01:28 - 2014-01-09 01:29 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds (1).com

2014-01-09 01:21 - 2014-01-09 01:21 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds.com

2014-01-09 01:21 - 2014-01-09 01:21 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds (1).scr

2014-01-09 01:20 - 2014-01-09 01:20 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds.scr

2014-01-08 23:28 - 2014-01-08 23:28 - 00001078 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk

2014-01-08 23:28 - 2014-01-08 23:28 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2014-01-08 23:19 - 2014-01-08 23:19 - 01440846 _____ C:\Users\Malisha\Downloads\mbam-chameleon-1.62.1.1000.zip

2014-01-08 23:19 - 2014-01-08 23:19 - 00000000 ____D C:\Users\Malisha\Downloads\mbam-chameleon-1.62.1.1000

2014-01-08 23:17 - 2014-01-08 23:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-08 23:16 - 2014-01-08 23:28 - 00000000 ____D C:\Users\Malisha\Desktop\mbar

2014-01-08 21:44 - 2014-01-16 01:29 - 00000000 ____D C:\Users\Malisha\AppData\Roaming\vlc

2014-01-08 21:44 - 2014-01-08 21:44 - 00001093 _____ C:\Users\Public\Desktop\VLC media player.lnk

2014-01-08 21:43 - 2014-01-08 21:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2014-01-08 21:36 - 2014-01-08 21:36 - 24097311 _____ C:\Users\Malisha\Downloads\vlc-2.1.2-win32.exe

2014-01-08 20:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe

2014-01-08 20:38 - 2014-01-08 20:38 - 00923784 _____ (CNET Download.com) C:\Users\Malisha\Downloads\cbsidlm-cbsi145-Free_MKV_Player-SEO-75978742 (1).exe

2014-01-08 20:37 - 2014-01-08 20:37 - 00000000 ____D C:\Users\Malisha\.android

2014-01-08 20:37 - 2014-01-08 20:37 - 00000000 _____ C:\Users\Malisha\daemonprocess.txt

2014-01-08 20:35 - 2014-01-08 20:35 - 00923784 _____ (CNET Download.com) C:\Users\Malisha\Downloads\cbsidlm-cbsi145-Free_MKV_Player-SEO-75978742.exe

2014-01-06 22:40 - 2014-01-06 22:41 - 41404760 _____ (Apple Inc.) C:\Users\Malisha\Downloads\QuickTimeInstaller.exe

2014-01-06 16:52 - 2014-01-06 16:52 - 00234001 _____ C:\Users\Malisha\Downloads\708538C21E071B131A357E0F5E626D35DB391DCF (1).torrent

2014-01-06 16:51 - 2014-01-06 16:51 - 00234061 _____ C:\Users\Malisha\Downloads\Code_Geass_[720p,BluRay,x264]_-_gg-THORA.torrent

2014-01-06 16:40 - 2014-01-06 21:54 - 00000000 ____D C:\Users\Malisha\Downloads\Code_Geass_[720p,BluRay,x264]_-_gg-THORA

2014-01-06 16:39 - 2014-01-06 16:39 - 00234001 _____ C:\Users\Malisha\Downloads\708538C21E071B131A357E0F5E626D35DB391DCF.torrent

2014-01-06 16:38 - 2014-01-06 16:38 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC) (2).torrent

2014-01-06 16:37 - 2014-01-06 16:37 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC) (1).torrent

2014-01-06 16:33 - 2014-01-06 16:33 - 01340496 _____ (BitTorrent Inc.) C:\Users\Malisha\Downloads\utorrent.exe

2014-01-06 16:32 - 2014-01-06 16:32 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC).torrent

2013-12-19 14:31 - 2013-12-29 19:33 - 00010698 _____ C:\Users\Malisha\Documents\just cause 2 completion.xlsx

 

==================== One Month Modified Files and Folders =======

 

2014-01-16 10:59 - 2014-01-16 10:58 - 00020543 _____ C:\Users\Malisha\Downloads\FRST.txt

2014-01-16 10:58 - 2014-01-16 10:58 - 00000000 ____D C:\FRST

2014-01-16 10:58 - 2012-11-30 17:58 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-864825927-220348576-1205547705-1002

2014-01-16 10:57 - 2014-01-16 10:57 - 00003691 _____ C:\Users\Malisha\Desktop\FRST64 - Shortcut.lnk

2014-01-16 10:56 - 2014-01-16 10:56 - 02076160 _____ (Farbar) C:\Users\Malisha\Downloads\FRST64.exe

2014-01-16 10:53 - 2013-10-19 17:37 - 00000000 __RDO C:\Users\Malisha\SkyDrive

2014-01-16 10:53 - 2013-10-19 16:49 - 01467777 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-16 10:53 - 2012-11-30 20:39 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-16 10:52 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\sru

2014-01-16 10:31 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-16 10:30 - 2013-08-22 05:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2014-01-16 10:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\WinStore

2014-01-16 02:45 - 2012-10-25 00:10 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-16 02:25 - 2013-09-12 21:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002UA.job

2014-01-16 02:14 - 2012-11-30 20:39 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-16 01:50 - 2012-12-03 21:52 - 00698880 ___SH C:\Users\Malisha\Downloads\Thumbs.db

2014-01-16 01:29 - 2014-01-08 21:44 - 00000000 ____D C:\Users\Malisha\AppData\Roaming\vlc

2014-01-15 18:25 - 2013-09-12 21:10 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002Core.job

2014-01-15 18:24 - 2013-08-15 00:45 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-15 18:22 - 2012-12-15 18:21 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-14 23:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2014-01-13 23:43 - 2013-08-22 06:46 - 00341627 _____ C:\WINDOWS\setupact.log

2014-01-12 12:21 - 2014-01-12 12:21 - 00000995 _____ C:\Users\Malisha\Desktop\ComboFix - Shortcut.lnk

2014-01-12 12:20 - 2014-01-12 12:20 - 05164834 _____ (Swearware) C:\Users\Malisha\Downloads\ComboFix.exe

2014-01-10 10:01 - 2014-01-10 10:01 - 00005390 _____ C:\Users\Malisha\Desktop\01102014_095711.log

2014-01-10 09:57 - 2014-01-10 09:57 - 00000000 ____D C:\_OTL

2014-01-10 09:54 - 2014-01-10 09:54 - 00006447 _____ C:\Users\Malisha\Desktop\AdwCleaner[s0].txt

2014-01-10 09:51 - 2014-01-10 09:49 - 00000000 ____D C:\AdwCleaner

2014-01-10 09:48 - 2014-01-10 09:48 - 01233962 _____ C:\Users\Malisha\Downloads\AdwCleaner.exe

2014-01-10 09:47 - 2014-01-10 09:47 - 00004619 _____ C:\Users\Malisha\Desktop\JRT.txt

2014-01-10 09:42 - 2014-01-10 09:42 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-10 09:42 - 2014-01-10 09:41 - 01037068 _____ (Thisisu) C:\Users\Malisha\Downloads\JRT.exe

2014-01-09 17:49 - 2012-11-30 17:50 - 00000000 ____D C:\Users\Malisha\AppData\Local\Packages

2014-01-09 09:54 - 2014-01-09 09:54 - 00076764 _____ C:\Users\Malisha\Downloads\Extras.Txt

2014-01-09 09:53 - 2014-01-09 09:53 - 00125472 _____ C:\Users\Malisha\Downloads\OTL.Txt

2014-01-09 09:45 - 2014-01-09 09:45 - 00602112 _____ (OldTimer Tools) C:\Users\Malisha\Downloads\OTL.exe

2014-01-09 01:29 - 2014-01-09 01:28 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds (1).com

2014-01-09 01:21 - 2014-01-09 01:21 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds.com

2014-01-09 01:21 - 2014-01-09 01:21 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds (1).scr

2014-01-09 01:20 - 2014-01-09 01:20 - 00688992 _____ (Swearware) C:\Users\Malisha\Downloads\dds.scr

2014-01-09 01:05 - 2013-12-04 14:40 - 00000000 ____D C:\Program Files (x86)\Virtual Router

2014-01-08 23:28 - 2014-01-08 23:28 - 00001078 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk

2014-01-08 23:28 - 2014-01-08 23:28 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2014-01-08 23:28 - 2014-01-08 23:16 - 00000000 ____D C:\Users\Malisha\Desktop\mbar

2014-01-08 23:19 - 2014-01-08 23:19 - 01440846 _____ C:\Users\Malisha\Downloads\mbam-chameleon-1.62.1.1000.zip

2014-01-08 23:19 - 2014-01-08 23:19 - 00000000 ____D C:\Users\Malisha\Downloads\mbam-chameleon-1.62.1.1000

2014-01-08 23:18 - 2014-01-08 23:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-08 22:43 - 2013-10-25 15:33 - 00000000 ____D C:\Program Files (x86)\Steam

2014-01-08 21:44 - 2014-01-08 21:44 - 00001093 _____ C:\Users\Public\Desktop\VLC media player.lnk

2014-01-08 21:43 - 2014-01-08 21:43 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2014-01-08 21:36 - 2014-01-08 21:36 - 24097311 _____ C:\Users\Malisha\Downloads\vlc-2.1.2-win32.exe

2014-01-08 21:30 - 2012-11-30 17:51 - 00000000 ___RD C:\Users\Malisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-08 21:23 - 2013-09-29 19:55 - 00370260 _____ C:\WINDOWS\PFRO.log

2014-01-08 20:38 - 2014-01-08 20:38 - 00923784 _____ (CNET Download.com) C:\Users\Malisha\Downloads\cbsidlm-cbsi145-Free_MKV_Player-SEO-75978742 (1).exe

2014-01-08 20:37 - 2014-01-08 20:37 - 00000000 ____D C:\Users\Malisha\.android

2014-01-08 20:37 - 2014-01-08 20:37 - 00000000 _____ C:\Users\Malisha\daemonprocess.txt

2014-01-08 20:37 - 2013-10-19 16:56 - 00000000 ____D C:\Users\Malisha

2014-01-08 20:35 - 2014-01-08 20:35 - 00923784 _____ (CNET Download.com) C:\Users\Malisha\Downloads\cbsidlm-cbsi145-Free_MKV_Player-SEO-75978742.exe

2014-01-06 22:56 - 2013-04-18 17:55 - 00000000 ____D C:\Users\Malisha\AppData\Local\Apple Computer

2014-01-06 22:41 - 2014-01-06 22:40 - 41404760 _____ (Apple Inc.) C:\Users\Malisha\Downloads\QuickTimeInstaller.exe

2014-01-06 21:54 - 2014-01-06 16:40 - 00000000 ____D C:\Users\Malisha\Downloads\Code_Geass_[720p,BluRay,x264]_-_gg-THORA

2014-01-06 16:52 - 2014-01-06 16:52 - 00234001 _____ C:\Users\Malisha\Downloads\708538C21E071B131A357E0F5E626D35DB391DCF (1).torrent

2014-01-06 16:51 - 2014-01-06 16:51 - 00234061 _____ C:\Users\Malisha\Downloads\Code_Geass_[720p,BluRay,x264]_-_gg-THORA.torrent

2014-01-06 16:39 - 2014-01-06 16:39 - 00234001 _____ C:\Users\Malisha\Downloads\708538C21E071B131A357E0F5E626D35DB391DCF.torrent

2014-01-06 16:38 - 2014-01-06 16:38 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC) (2).torrent

2014-01-06 16:37 - 2014-01-06 16:37 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC) (1).torrent

2014-01-06 16:33 - 2014-01-06 16:33 - 01340496 _____ (BitTorrent Inc.) C:\Users\Malisha\Downloads\utorrent.exe

2014-01-06 16:32 - 2014-01-06 16:32 - 00226895 _____ C:\Users\Malisha\Downloads\(AnimeOut) Code Geass Lelouch of the Rebellion (720p BD 90MB)(OZC).torrent

2014-01-06 14:31 - 2013-08-22 07:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-01-06 14:31 - 2013-08-22 07:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-29 19:33 - 2013-12-19 14:31 - 00010698 _____ C:\Users\Malisha\Documents\just cause 2 completion.xlsx

2013-12-29 10:08 - 2013-07-18 01:16 - 00000000 ____D C:\WINDOWS\SysWOW64\NV

2013-12-29 10:08 - 2013-07-18 01:16 - 00000000 ____D C:\WINDOWS\system32\NV

2013-12-18 18:04 - 2013-08-25 10:45 - 00000000 ____D C:\Users\Malisha\Documents\philosophy

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-13 16:55

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03

Ran by Malisha at 2014-01-16 11:00:21

Running from C:\Users\Malisha\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.)

Amazon Browser App (x32 Version: 1.0.0.0 - Amazon)

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)

Bing Bar (x32 Version: 7.2.241.0 - Microsoft Corporation)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (Version: 3.0.0.10 - Apple Inc.)

CDisplayEx 1.8 (x32 Version:  - Henri Gourvest.)

Coupon Printer for Windows (x32 Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

DivX Setup (x32 Version: 2.6.1.24 - DivX, LLC)

Dolby Home Theater v4 (x32 Version: 7.2.8000.16 - Dolby Laboratories Inc)

Energy Management (x32 Version: 8.0.2.4 - Lenovo)

Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden

Evernote v. 4.6 (x32 Version: 4.6.0.7670 - Evernote Corp.)

FileASSASSIN (x32 Version: 1.06 - Malwarebytes)

FreeRide Games (x32 Version: 07.05.79.00 - Exent Technologies)

Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)

Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

HP Deskjet 1050 J410 series Basic Device Software (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (x32 Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Photo Creations (x32 Version: 1.0.0.7702 - HP)

HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)

Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel® WiDi (Version: 3.5.34.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 15.05.2000.1462 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Intelligent Touchpad (x32 Version: 2.00.0012.0723 - Lenovo)

iTunes (Version: 11.1.3.8 - Apple Inc.)

JMicron Flash Media Controller Driver (x32 Version: 1.0.71.1 - JMicron Technology Corp.)

Lenovo Bluetooth with Enhanced Data Rate Software (Version: 12.0.0.2200 - Broadcom Corporation)

Lenovo EasyCamera (x32 Version: 6.1.7600.167 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (x32 Version: 8.0.0.0828 - CyberLink Corp.)

Lenovo Photos (x32 Version:  - CEWE COLOR AG u Co. OHG)

Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden

Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100 - Malwarebytes Corporation)

MathXpert Calculus Assistant (with Webgrades) (Version: 5.0 - Help With Math)

Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden

Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden

Nitro Pro 7 (Version: 7.4.1.21 - Nitro PDF Software)

NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 1.6 (Version: 1.6 - NVIDIA Corporation)

NVIDIA Graphics Driver 327.02 (Version: 327.02 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Optimus 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)

NVIDIA Update 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 7.2.17 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1 - NVIDIA Corporation)

Onekey Theater (x32 Version: 3.0.0.9 - Lenovo)

Opera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)

Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.94 (x32 Version: 1.94 - VS Revo Group)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shared C Run-time for x64 (Version: 10.0.0 - McAfee)

SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden

Shopop (x32 Version: 10.203.68.14274 - My Pop Shop Ltd.)

SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden

SolidWorks 2013 x64 Edition SP03 (x32 Version: 21.3.0.60 - SolidWorks Corporation)

SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden

Spotify (HKCU Version: 0.8.5.1356.gd1d40f3a - Spotify AB)

Steam (x32 Version: 1.0.0.0 - Valve Corporation)

SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 16.2.10.13 - Synaptics Incorporated)

The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

UserGuide (x32 Version: 1.0.0.9 - Lenovo)

UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Virtual Router v1.0 (x32 Version: 1.0 - Chris Pietschmann)

VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)

Win8 x64Components v1.3.9 (Version: 1.3.9 - Shark007)

win8codecs (x32 Version: 1.3.9 - Shark007)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)

WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)

 

==================== Restore Points  =========================

 

31-12-2013 02:00:21 Scheduled Checkpoint

07-01-2014 06:43:01 Installed QuickTime

15-01-2014 19:07:22 Windows Update

 

==================== Hosts content: ==========================

 

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {1522ADBE-E80E-42B6-A451-92DBA2182D02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23B8E779-28EB-4712-A099-1601D9E722F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002UA => C:\Users\Malisha\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {2F7A0264-DC59-4A9C-8561-1AFC8F96AFEC} - \RegClean Pro No Task File

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)

Task: {3A5A8C67-F4F5-4276-AFC1-ACFF9FE5EB7C} - \Advanced System Protector No Task File

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {4702176C-B7F5-4296-996B-7B539290A482} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {590F4666-F02D-4901-8640-110EB527D44F} - \Advanced System Protector_startup No Task File

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {6E634D9A-B849-4BC0-A383-F07A4DFF63DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-30] (Google Inc.)

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {835F969C-4A0A-4B7B-B1F1-8FEA82C3C91B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002Core => C:\Users\Malisha\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {DEF5E7D2-FE66-4595-B4EA-7C9D265A4E90} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {E42F118E-F69F-4934-953E-1B53F7F88D2A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-15] (Microsoft Corporation)

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {ED314555-FFA7-4186-BED5-89853259BE33} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-26] (Synaptics Incorporated)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002Core.job => C:\Users\Malisha\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-864825927-220348576-1205547705-1002UA.job => C:\Users\Malisha\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-07-15 23:49 - 2012-07-15 23:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll

2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-09-06 14:53 - 2012-09-06 14:53 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll

2013-03-28 21:34 - 2013-03-28 21:34 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll

2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-20 17:57 - 2013-10-20 17:57 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\ac9051224fb9ea93a8050e1a9727f31d\PSIClient.ni.dll

2012-10-25 00:16 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-01-15 22:15 - 2014-01-11 02:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll

2014-01-15 22:15 - 2014-01-11 02:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll

2013-02-12 18:38 - 2013-02-12 18:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2014-01-15 22:15 - 2014-01-11 02:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll

2014-01-15 22:15 - 2014-01-11 02:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll

2014-01-15 22:15 - 2014-01-11 02:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

2013-12-17 15:24 - 2013-12-17 15:24 - 00181760 _____ () C:\Users\Malisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0\plugin\ace.dll

2014-01-15 22:15 - 2014-01-11 02:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\Malisha\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: USB-IF xHCI USB Host Controller

Description: USB-IF xHCI USB Host Controller

Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}

Manufacturer: Intel Corporation

Service: XHCIPort

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Could not start eventlog service, could not read events.

 

The requested service has already been started.

 

More help is available by typing NET HELPMSG 2182.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 29%

Total physical RAM: 8057.77 MB

Available physical RAM: 5647.97 MB

Total Pagefile: 9337.77 MB

Available Pagefile: 6631.32 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:789.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.4 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 77DD2055)

 

Partition: GPT Partition Type

==================== End Of Log ============================


Well done! :)

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on the CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

This topic is now closed to further replies.