Jump to content

Recommended Posts

Hello,

My computer which is running Windows 8.0 has been infected with Cryptowall 3.0.  I ran a scan with Malwarebytes Anti-Malware and deleted the malware it identified.  However, Crytpwall 3.0 is still there and its info pops up, including the HELP_Decrypt - Notepad, when I turn on the computer.  It also tries to contact various domains such as ff1493.com using the process C:\windows\sysWOW64\dllhost.exe but Malwarebytes is blocking it.  I ran the Farbar Recovery Scan Tool recommended on your site and have included the two logs below.  I would greatly appreciate any help you can provide in eliminating Crytowall and making my computer clean and secure again.  One last question.  I realize that I have likely lost all my documents since they are encrypted.  However when I open a WORD document, a dialog box indicates that the file is corrupted and states to click YES if I want to recover the document if I trust the source.  Is there any harm in doing this?  Thank you for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Craig (administrator) on CRAIG-PC on 01-02-2015 15:27:24
Running from C:\Users\Craig\Desktop
Loaded Profiles: Craig (Available profiles: Craig)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\windows\SysWOW64\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-11-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-11-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [intellingentTouchpad] => C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe [673336 2012-07-23] (Microsoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-965705458-2573283983-765797531-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/xwad75
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-965705458-2573283983-765797531-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-965705458-2573283983-765797531-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-965705458-2573283983-765797531-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-965705458-2573283983-765797531-1001 -> DefaultScope {66946F74-4DF6-433D-A1C6-5E345972826C} URL =
SearchScopes: HKU\S-1-5-21-965705458-2573283983-765797531-1001 -> {66946F74-4DF6-433D-A1C6-5E345972826C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252600 2012-08-17] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-17] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)
R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [164152 2012-08-17] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-07] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 15:26 - 2015-02-01 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-01 14:52 - 2015-02-01 14:52 - 00052511 _____ () C:\Users\Craig\Desktop\Addition.txt
2015-02-01 14:51 - 2015-02-01 15:27 - 00018421 _____ () C:\Users\Craig\Desktop\FRST.txt
2015-02-01 14:51 - 2015-02-01 15:27 - 00000000 ____D () C:\FRST
2015-02-01 14:50 - 2015-02-01 14:50 - 02131456 _____ (Farbar) C:\Users\Craig\Desktop\FRST64.exe
2015-02-01 14:46 - 2015-02-01 14:46 - 02131456 _____ (Farbar) C:\Users\Craig\Downloads\FRST64 (3).exe
2015-02-01 14:45 - 2015-02-01 14:45 - 02131456 _____ (Farbar) C:\Users\Craig\Downloads\FRST64 (2).exe
2015-02-01 14:45 - 2015-02-01 14:45 - 02131456 _____ (Farbar) C:\Users\Craig\Downloads\FRST64 (1).exe
2015-02-01 14:39 - 2015-02-01 14:39 - 02131456 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe
2015-01-31 17:36 - 2015-02-01 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 17:36 - 2015-01-31 17:36 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 17:36 - 2015-01-31 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 17:36 - 2015-01-31 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 17:36 - 2015-01-31 17:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 17:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-31 17:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-31 17:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-30 17:49 - 2015-01-30 17:49 - 00008528 _____ () C:\Users\Craig\HELP_DECRYPT.HTML
2015-01-30 17:49 - 2015-01-30 17:49 - 00008528 _____ () C:\Users\Craig\Desktop\HELP_DECRYPT.HTML
2015-01-30 17:49 - 2015-01-30 17:49 - 00004204 _____ () C:\Users\Craig\HELP_DECRYPT.TXT
2015-01-30 17:49 - 2015-01-30 17:49 - 00004204 _____ () C:\Users\Craig\Desktop\HELP_DECRYPT.TXT
2015-01-30 17:49 - 2015-01-30 17:49 - 00000272 _____ () C:\Users\Craig\HELP_DECRYPT.URL
2015-01-30 17:49 - 2015-01-30 17:49 - 00000272 _____ () C:\Users\Craig\Desktop\HELP_DECRYPT.URL
2015-01-30 17:48 - 2015-01-30 17:48 - 00008528 _____ () C:\Users\Craig\Downloads\HELP_DECRYPT.HTML
2015-01-30 17:48 - 2015-01-30 17:48 - 00008528 _____ () C:\Users\Craig\Documents\HELP_DECRYPT.HTML
2015-01-30 17:48 - 2015-01-30 17:48 - 00004204 _____ () C:\Users\Craig\Downloads\HELP_DECRYPT.TXT
2015-01-30 17:48 - 2015-01-30 17:48 - 00004204 _____ () C:\Users\Craig\Documents\HELP_DECRYPT.TXT
2015-01-30 17:48 - 2015-01-30 17:48 - 00000272 _____ () C:\Users\Craig\Downloads\HELP_DECRYPT.URL
2015-01-30 17:48 - 2015-01-30 17:48 - 00000272 _____ () C:\Users\Craig\Documents\HELP_DECRYPT.URL
2015-01-30 17:45 - 2015-01-30 17:45 - 00008528 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 17:45 - 2015-01-30 17:45 - 00008528 _____ () C:\Users\Craig\AppData\HELP_DECRYPT.HTML
2015-01-30 17:45 - 2015-01-30 17:45 - 00004204 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 17:45 - 2015-01-30 17:45 - 00004204 _____ () C:\Users\Craig\AppData\HELP_DECRYPT.TXT
2015-01-30 17:45 - 2015-01-30 17:45 - 00000272 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 17:45 - 2015-01-30 17:45 - 00000272 _____ () C:\Users\Craig\AppData\HELP_DECRYPT.URL
2015-01-30 17:44 - 2015-01-30 17:44 - 00008528 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.HTML
2015-01-30 17:44 - 2015-01-30 17:44 - 00004204 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.TXT
2015-01-30 17:44 - 2015-01-30 17:44 - 00000272 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.URL
2015-01-30 15:19 - 2015-01-31 14:36 - 00000000 _____ () C:\ProgramData\@system.temp
2015-01-30 15:19 - 2015-01-31 09:24 - 00000400 ____H () C:\ProgramData\@system3.att
2015-01-30 15:18 - 2015-01-31 19:29 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\FrameworkUpdate
2015-01-30 15:18 - 2015-01-30 15:18 - 00000480 ____H () C:\Users\Craig\AppData\Roaming\麽鎒駓覜
2015-01-21 20:00 - 2015-01-31 19:29 - 00000000 ___HD () C:\ProgramData\{9CAD18B2-FF9B-4CCA-8EE0-A4CDA3AD5F51}
2015-01-21 20:00 - 2015-01-21 20:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-15 21:34 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 21:34 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-15 21:34 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-15 21:34 - 2014-11-15 01:06 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-01-15 21:34 - 2014-11-15 00:13 - 03286016 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-01-15 21:34 - 2014-11-15 00:13 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-01-15 21:34 - 2014-11-15 00:12 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2015-01-15 21:34 - 2014-11-14 22:54 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-01-15 21:34 - 2014-11-14 22:53 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-01-15 21:34 - 2014-11-14 22:53 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-01-15 21:34 - 2014-11-14 22:53 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-01-15 21:33 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-01-15 21:33 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-01-15 21:33 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-01-15 21:33 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2015-01-15 21:33 - 2014-10-27 17:10 - 00390841 _____ () C:\windows\system32\ApnDatabase.xml
2015-01-15 21:32 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-15 21:32 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-15 21:32 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-15 21:32 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-15 21:32 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-15 21:32 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-15 21:32 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-15 21:32 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-15 21:32 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-15 21:32 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-15 21:32 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-15 21:32 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-15 21:32 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-15 21:32 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-15 21:32 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 15:26 - 2012-11-01 20:02 - 00001839 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-02-01 15:21 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-01 15:20 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-02-01 15:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-31 20:17 - 2012-11-01 20:08 - 02038870 _____ () C:\windows\WindowsUpdate.log
2015-01-31 20:04 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-31 20:01 - 2012-08-01 10:51 - 00030066 _____ () C:\windows\PFRO.log
2015-01-31 19:59 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2015-01-31 16:30 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2015-01-31 09:57 - 2014-12-31 11:01 - 00714240 _____ () C:\Users\Craig\Documents\Primary To Do.xls
2015-01-30 17:49 - 2013-03-14 14:42 - 00000000 ____D () C:\Users\Craig
2015-01-30 17:48 - 2014-02-03 21:06 - 00000000 ____D () C:\Users\Craig\Documents\Wolf
2015-01-30 17:46 - 2013-03-15 20:16 - 00000000 ____D () C:\Users\Craig\Documents\CyberLink
2015-01-30 17:45 - 2013-03-14 16:44 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Nitro PDF
2015-01-30 17:44 - 2013-03-15 20:13 - 00000000 ____D () C:\Users\Craig\AppData\Local\SugarSync
2015-01-30 17:44 - 2013-03-14 14:44 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Adobe
2015-01-30 12:05 - 2013-04-27 15:24 - 00000000 ____D () C:\Users\Craig\AppData\Local\Apple Computer
2015-01-30 09:25 - 2013-03-15 12:52 - 00000000 ____D () C:\Users\Craig\AppData\Local\Windows Live
2015-01-24 15:20 - 2014-11-23 16:33 - 00714176 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-11-23 16:33 - 00106432 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 20:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\migwiz
2015-01-17 20:07 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2015-01-17 16:37 - 2014-01-08 18:48 - 00027792 _____ () C:\Users\Craig\Documents\Cash Flow.xlsx
2015-01-16 12:47 - 2013-08-13 19:16 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 12:42 - 2013-03-15 17:16 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 00:39 - 2012-07-26 02:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 00:31 - 2014-10-24 07:07 - 00317584 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-06 00:31 - 2013-03-15 20:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-06 00:31 - 2013-03-15 20:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-01-30 17:45 - 2015-01-30 17:45 - 0008528 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-30 17:45 - 2015-01-30 17:45 - 0045537 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-30 17:45 - 2015-01-30 17:45 - 0004204 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-30 17:45 - 2015-01-30 17:45 - 0000272 _____ () C:\Users\Craig\AppData\Roaming\HELP_DECRYPT.URL
2015-01-30 15:18 - 2015-01-30 15:18 - 0000480 ____H () C:\Users\Craig\AppData\Roaming\麽鎒駓覜
2015-01-30 17:44 - 2015-01-30 17:44 - 0008528 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.HTML
2015-01-30 17:44 - 2015-01-30 17:44 - 0045537 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.PNG
2015-01-30 17:44 - 2015-01-30 17:44 - 0004204 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.TXT
2015-01-30 17:44 - 2015-01-30 17:44 - 0000272 _____ () C:\Users\Craig\AppData\Local\HELP_DECRYPT.URL
2013-03-15 16:43 - 2013-03-15 16:43 - 0007605 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg
2015-01-30 15:19 - 2015-01-31 14:36 - 0000000 _____ () C:\ProgramData\@system.temp
2015-01-30 15:19 - 2015-01-31 09:24 - 0000400 ____H () C:\ProgramData\@system3.att
2012-11-01 19:45 - 2012-11-01 19:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Craig\AppData\Local\Temp\COMAP.EXE
C:\Users\Craig\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Craig\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Craig\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_9c38b337-9d3d-4c47-ae7a-031b66a4f823_TX_PR_.exe
C:\Users\Craig\AppData\Local\Temp\update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-01 03:13

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Craig at 2015-02-01 15:27:52
Running from C:\Users\Craig\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.7 - SunplusIT)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 11.6.507 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-965705458-2573283983-765797531-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-965705458-2573283983-765797531-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Craig\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-01-2015 12:36:08 Windows Update
26-01-2015 18:46:43 Windows Modules Installer
31-01-2015 19:57:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22A7F21B-D9EA-45DE-BFAA-8F7BE6869B75} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {369CE819-B9BE-409E-A54C-8370D23D1C31} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {474A6567-3C4B-47BF-ACFE-972EFD2CE120} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5B0A3E28-77D2-413B-B853-94C2CBD6706E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {6ECF0272-48C6-4178-8158-8F3F8BB99135} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7324074A-CDCD-4140-8850-6545D1B8CEE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {82B68C0C-432A-4844-8BDE-EE981C306AA5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {8F968641-1D87-4BCA-891E-D4F26B95E33E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {B11682E8-30E6-435D-831A-CE70DD91740D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {D0DCE2FB-8666-4A5C-8DB9-AD11007DDB24} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E2B95361-38FE-4549-94D9-F8EDEB1B6A42} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-16] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2014-10-24 17:45 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-17 12:23 - 2012-08-17 12:23 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2014-03-26 20:11 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-22 03:14 - 2012-08-21 02:58 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2010-08-24 09:44 - 2010-08-24 09:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-01 19:26 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-965705458-2573283983-765797531-500 - Administrator - Disabled)
Craig (S-1-5-21-965705458-2573283983-765797531-1001 - Administrator - Enabled) => C:\Users\Craig
Guest (S-1-5-21-965705458-2573283983-765797531-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 02:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelligentTouchpad.exe, version: 1.0.0.0, time stamp: 0x5007b01a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x008108ee
Faulting process id: 0x12b8
Faulting application start time: 0xIntelligentTouchpad.exe0
Faulting application path: IntelligentTouchpad.exe1
Faulting module path: IntelligentTouchpad.exe2
Report Id: IntelligentTouchpad.exe3
Faulting package full name: IntelligentTouchpad.exe4
Faulting package-relative application ID: IntelligentTouchpad.exe5

Error: (02/01/2015 02:14:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelligentTouchpad.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at System.Threading.SynchronizationContext.WaitHelper(IntPtr[], Boolean, Int32)
   at System.Windows.Threading.DispatcherSynchronizationContext.Wait(IntPtr[], Boolean, Int32)
   at System.Threading.SynchronizationContext.InvokeWaitMethodHelper(System.Threading.SynchronizationContext, IntPtr[], Boolean, Int32)
   at System.Threading.WaitHandle.WaitOneNative(System.Runtime.InteropServices.SafeHandle, UInt32, Boolean, Boolean)
   at System.Threading.WaitHandle.InternalWaitOne(System.Runtime.InteropServices.SafeHandle, Int64, Boolean, Boolean)
   at System.Threading.WaitHandle.WaitOne(Int32, Boolean)
   at System.Net.FileWebRequest.GetResponse()
   at MS.Internal.WpfWebRequestHelper.GetResponse(System.Net.WebRequest)
   at System.Windows.Media.ColorContext.Initialize(System.Uri, Boolean)
   at System.Windows.Media.ColorContext..ctor(System.Windows.Media.PixelFormat)
   at System.Windows.Media.Imaging.BitmapSource.CreateCachedBitmap(System.Windows.Media.Imaging.BitmapFrame, System.Windows.Media.Imaging.BitmapSourceSafeMILHandle, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Windows.Media.Imaging.BitmapPalette)
   at System.Windows.Media.Imaging.BitmapFrameDecode.FinalizeCreation()
   at System.Windows.Media.Imaging.BitmapFrameDecode..ctor(Int32, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Windows.Media.Imaging.BitmapDecoder)
   at System.Windows.Media.Imaging.BitmapDecoder.SetupFrames(System.Windows.Media.Imaging.BitmapDecoder, System.Collections.ObjectModel.ReadOnlyCollection`1<System.Windows.Media.Imaging.BitmapFrame>)
   at System.Windows.Media.Imaging.BitmapDecoder.get_Frames()
   at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy)
   at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object)
   at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider)
   at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider)
   at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext)
   at System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext)
   at System.Xaml.XamlObjectWriter.WriteEndMember()
   at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader)
   at System.Windows.Markup.WpfXamlLoader.TransformNodes(System.Xaml.XamlReader, System.Xaml.XamlObjectWriter, Boolean, Boolean, Boolean, System.Xaml.IXamlLineInfo, System.Xaml.IXamlLineInfoConsumer, MS.Internal.Xaml.Context.XamlContextStack`1<System.Windows.Markup.WpfXamlFrame>, System.Windows.Markup.IStyleConnector)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadComponent(System.Object, System.Uri)
   at IntelligentTouchpad.ScreenLockUserControl.InitializeComponent()
   at IntelligentTouchpad.ScreenLockUserControl..ctor()
   at IntelligentTouchpad.MainWindow.MainWindow_Loaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   at System.Windows.Window.ShowHelper(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at IntelligentTouchpad.App.Main()

Error: (01/31/2015 07:28:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x39680
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:28:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x39678
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x381d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x38cf4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x38bd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x39004
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x38dbc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/31/2015 07:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: WINMMBASE.dll, version: 6.2.9200.16645, time stamp: 0x51c1096f
Exception code: 0xc0000005
Fault offset: 0x000000000001fa8c
Faulting process id: 0x3852c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (02/01/2015 03:28:01 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:27:30 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:26:59 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:26:28 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:25:57 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:25:26 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:24:55 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:24:24 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:23:53 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2015 03:23:22 PM) (Source: DCOM) (EventID: 10010) (User: Craig-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (02/01/2015 02:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IntelligentTouchpad.exe1.0.0.05007b01aunknown0.0.0.000000000c0000005008108ee12b801d03dbad617e3d4C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exeunknown91c33e7f-aa46-11e4-bed5-20689d7b2288

Error: (02/01/2015 02:14:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelligentTouchpad.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String)
   at IntelligentTouchpad.App.App_DispatcherUnhandledException(System.Object, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs)
   at System.Windows.Threading.Dispatcher.CatchException(System.Exception)
   at System.Windows.Threading.Dispatcher.CatchExceptionStatic(System.Object, System.Exception)
   at System.Windows.Threading.ExceptionWrapper.CatchException(System.Object, System.Exception, System.Delegate)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at System.Threading.SynchronizationContext.WaitHelper(IntPtr[], Boolean, Int32)
   at System.Windows.Threading.DispatcherSynchronizationContext.Wait(IntPtr[], Boolean, Int32)
   at System.Threading.SynchronizationContext.InvokeWaitMethodHelper(System.Threading.SynchronizationContext, IntPtr[], Boolean, Int32)
   at System.Threading.WaitHandle.WaitOneNative(System.Runtime.InteropServices.SafeHandle, UInt32, Boolean, Boolean)
   at System.Threading.WaitHandle.InternalWaitOne(System.Runtime.InteropServices.SafeHandle, Int64, Boolean, Boolean)
   at System.Threading.WaitHandle.WaitOne(Int32, Boolean)
   at System.Net.FileWebRequest.GetResponse()
   at MS.Internal.WpfWebRequestHelper.GetResponse(System.Net.WebRequest)
   at System.Windows.Media.ColorContext.Initialize(System.Uri, Boolean)
   at System.Windows.Media.ColorContext..ctor(System.Windows.Media.PixelFormat)
   at System.Windows.Media.Imaging.BitmapSource.CreateCachedBitmap(System.Windows.Media.Imaging.BitmapFrame, System.Windows.Media.Imaging.BitmapSourceSafeMILHandle, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Windows.Media.Imaging.BitmapPalette)
   at System.Windows.Media.Imaging.BitmapFrameDecode.FinalizeCreation()
   at System.Windows.Media.Imaging.BitmapFrameDecode..ctor(Int32, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Windows.Media.Imaging.BitmapDecoder)
   at System.Windows.Media.Imaging.BitmapDecoder.SetupFrames(System.Windows.Media.Imaging.BitmapDecoder, System.Collections.ObjectModel.ReadOnlyCollection`1<System.Windows.Media.Imaging.BitmapFrame>)
   at System.Windows.Media.Imaging.BitmapDecoder.get_Frames()
   at System.Windows.Media.Imaging.BitmapFrame.CreateFromUriOrStream(System.Uri, System.Uri, System.IO.Stream, System.Windows.Media.Imaging.BitmapCreateOptions, System.Windows.Media.Imaging.BitmapCacheOption, System.Net.Cache.RequestCachePolicy)
   at System.Windows.Media.ImageSourceConverter.ConvertFrom(System.ComponentModel.ITypeDescriptorContext, System.Globalization.CultureInfo, System.Object)
   at System.Windows.Baml2006.TypeConverterMarkupExtension.ProvideValue(System.IServiceProvider)
   at MS.Internal.Xaml.Runtime.ClrObjectRuntime.CallProvideValue(System.Windows.Markup.MarkupExtension, System.IServiceProvider)
   at System.Xaml.XamlObjectWriter.Logic_ProvideValue(MS.Internal.Xaml.Context.ObjectWriterContext)
   at System.Xaml.XamlObjectWriter.Logic_AssignProvidedValue(MS.Internal.Xaml.Context.ObjectWriterContext)
   at System.Xaml.XamlObjectWriter.WriteEndMember()
   at System.Xaml.XamlWriter.WriteNode(System.Xaml.XamlReader)
   at System.Windows.Markup.WpfXamlLoader.TransformNodes(System.Xaml.XamlReader, System.Xaml.XamlObjectWriter, Boolean, Boolean, Boolean, System.Xaml.IXamlLineInfo, System.Xaml.IXamlLineInfoConsumer, MS.Internal.Xaml.Context.XamlContextStack`1<System.Windows.Markup.WpfXamlFrame>, System.Windows.Markup.IStyleConnector)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadComponent(System.Object, System.Uri)
   at IntelligentTouchpad.ScreenLockUserControl.InitializeComponent()
   at IntelligentTouchpad.ScreenLockUserControl..ctor()
   at IntelligentTouchpad.MainWindow.MainWindow_Loaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   at System.Windows.Window.ShowHelper(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at IntelligentTouchpad.App.Main()

Error: (01/31/2015 07:28:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c3968001d03db5ecffacdcC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2e3ac50a-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:28:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c3967801d03db5ece89e76C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2e2df195-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c381d001d03db5ea820ae3C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2bbab1aa-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c38cf401d03db5ea615dfaC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2ba59f70-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c38bd001d03db5e9a2f67bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2ac15a01-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c3900401d03db5e1efe1c4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll22fc67ee-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c38dbc01d03db5e1a2ed1dC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll22bedf3d-a9a9-11e4-bed3-20689d7b2288

Error: (01/31/2015 07:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7WINMMBASE.dll6.2.9200.1664551c1096fc0000005000000000001fa8c3852c01d03db5dfb03dc3C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\WINMMBASE.dll2101a0e4-a9a9-11e4-bed3-20689d7b2288

==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 8052.91 MB
Available physical RAM: 6160.58 MB
Total Pagefile: 9268.91 MB
Available Pagefile: 7233.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:581.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CE51665D)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything unexpected happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 
 
Yes, we can remove the infection, but your encrypted files cannot be recovered.
 
 
 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

I followed your instructions and the fixlog appeared on my desktop but the FRST application is still running (about 2 hours since I started it) and will not close.  It is stuck on "deleting temporary files" but doesn't appear to be really doing anything except for a green bar going back and forth.  Also, most of the HELP_DECRYPT log files that were on my desktop are gone except for one PNG file.  Attached is the fixlog file.

Fixlog.txt

Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
icon_exclaim.gifMUST READ - security tips:

icon_exclaim.gifMUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
icon_arrow.gifTFC - to clean unneeded temporary files.
icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gifMcShield - to prevent infections spread by removable media.
icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gifAdblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning. 
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 
btn_donateCC_LG.gif

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.