Need help with some malware


Hello,

My son went on a downloading spree of free games on the net and the result, of course, was loads of malware.  I have removed most of it, but there are two that I can't seem to get rid of.

First, there are processes in task manager showing up as con surrogate.  While these are running, I am constantly having the browser redirected, getting spam of advertisements, etc.  Ending the process helps for a little while but they pop back up.  Malwarebytes doesn't seem to find it.

The other one is a process showing up as 'run once'.  This one actually caused me huge headaches because it causes the PC to boot into the black screen of death.  I finally figured out this was the cause - I can end task and it doesn't come back, but I can't seem to get rid of it either.

Any help is appreciated, thanks!


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Here are the logs, thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Tashii (administrator) on TASHIIPC on 12-02-2015 00:16:56
Running from C:\Users\Tashii\Downloads
Loaded Profiles: Tashii (Available profiles: Tashii & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intelli Term) C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=
SearchScopes: HKLM -> {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyCtCtB0FyDzztGtD0CtAzztGyD0CyC0EtG0C0A0D0FtGtCyDtDyE0F0D0C0F0C0C0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1675798323&ir=
SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> DefaultScope {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=
SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=
SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyCtCtB0FyDzztGtD0CtAzztGyD0CyC0EtG0C0A0D0FtGtCyDtDyE0F0D0C0F0C0C0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1675798323&ir=
SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {17590B02-1AA1-43D4-916E-0EE220766501} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.23.0.15&apn_uid=DFDA9E84-ADAD-45BE-8DDC-9DCFE6CAF359&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.16453&doi=2015-01-25&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default
FF Homepage: www.google.com
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy64.dll ( ROBLOX Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-14] (Microsoft) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 itsvc_1.10.0.8; C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R1 itnfd_1_10_0_8; C:\Windows\System32\drivers\itnfd_1_10_0_8.sys [58232 2015-01-21] (Intelli Term)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-02] (Realtek Semiconductor Corp.)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 00:16 - 2015-02-12 00:17 - 00015547 _____ () C:\Users\Tashii\Downloads\FRST.txt
2015-02-12 00:16 - 2015-02-12 00:16 - 02134016 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64.exe
2015-02-12 00:16 - 2015-02-12 00:16 - 00000000 ____D () C:\FRST
2015-02-07 23:27 - 2015-02-07 23:27 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-07 23:27 - 2015-02-07 23:27 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Mozilla
2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Mozilla
2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-07 23:23 - 2015-02-07 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-07 23:22 - 2015-02-07 23:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mbar
2015-02-07 23:21 - 2015-02-07 23:21 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Tashii\Downloads\mbar-1.08.3.1004.exe
2015-02-07 23:12 - 2015-02-07 23:12 - 00458168 _____ () C:\Users\Tashii\Downloads\setup.exe
2015-02-07 07:29 - 2015-02-07 07:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4F8A743F.sys
2015-02-06 23:50 - 2015-02-06 23:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tashii\Downloads\mbam-clean-2.1.1.1001.exe
2015-02-06 23:27 - 2015-02-10 15:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 23:26 - 2015-02-07 23:22 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-06 23:26 - 2015-02-06 23:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 23:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-06 23:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-05 20:27 - 2015-02-06 11:39 - 00000000 ____D () C:\ProgramData\e7c5f99400007fd8
2015-02-05 20:23 - 2015-02-05 20:23 - 00001090 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-05 20:23 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2015-02-05 20:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-02-05 16:06 - 2015-02-05 16:06 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Google
2015-02-05 15:57 - 2015-02-05 15:57 - 00000000 ____D () C:\Users\Tashii\AppData\Local\1012890328
2015-02-05 15:56 - 2015-02-05 20:24 - 00000000 ____D () C:\Users\Tashii\AppData\Local\WSE_Binkiland
2015-02-05 15:50 - 2015-02-05 20:20 - 00000000 ____D () C:\Users\Tashii\Documents\CleanerPro
2015-02-05 15:50 - 2015-02-05 15:50 - 00004016 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-02-05 15:50 - 2015-02-05 15:50 - 00003188 _____ () C:\WINDOWS\System32\Tasks\CleanerPro_Start
2015-02-05 15:50 - 2015-02-05 15:50 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CleanerPro
2015-02-05 15:49 - 2015-02-05 15:49 - 00000000 ____D () C:\Users\Tashii\AppData\Local\1012430234
2015-02-05 15:49 - 2015-02-05 15:49 - 00000000 ____D () C:\Program Files (x86)\IntelliTerm_1.10.0.8
2015-02-05 15:48 - 2015-02-05 15:48 - 00000000 ____D () C:\Users\Tashii\Documents\Optimizer Pro
2015-02-05 15:48 - 2015-02-05 15:48 - 00000000 ____D () C:\ProgramData\COMODO
2015-02-05 15:47 - 2015-02-05 15:47 - 00000000 ____D () C:\Program Files\COMODO
2015-02-05 15:46 - 2015-02-05 15:46 - 536870912 _____ () C:\Users\Tashii\Downloads\3DS0961 - Tomodachi Life.3ds
2015-02-05 15:46 - 2015-02-05 15:46 - 00000000 ____D () C:\ProgramData\Unchecky
2015-02-05 15:43 - 2015-02-11 23:57 - 00000314 _____ () C:\WINDOWS\Tasks\Binkiland.job
2015-02-05 15:43 - 2015-02-05 15:43 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Binkiland
2015-02-05 15:43 - 2015-02-05 15:43 - 00000000 ____D () C:\ProgramData\{0D90E553-5D12-34D5-EC94-44573C1697D9}
2015-02-05 15:42 - 2015-02-05 20:24 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
2015-02-02 15:24 - 2015-02-02 15:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Rovio
2015-02-02 11:29 - 2015-02-02 11:29 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\WebApp
2015-01-31 05:24 - 2015-02-02 10:44 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\CyberLink
2015-01-31 05:24 - 2015-02-02 10:44 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CyberLink
2015-01-26 18:07 - 2015-02-05 16:02 - 00001361 _____ () C:\Users\Tashii\Desktop\ROBLOX Player.lnk
2015-01-26 18:06 - 2015-02-05 16:02 - 00001180 _____ () C:\Users\Tashii\Desktop\ROBLOX Studio.lnk
2015-01-26 18:06 - 2015-02-05 16:02 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-01-26 18:06 - 2015-01-26 19:01 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Roblox
2015-01-25 07:12 - 2015-01-25 07:12 - 00000000 ____D () C:\ProgramData\APN
2015-01-25 07:10 - 2015-02-11 22:04 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\.minecraft
2015-01-25 07:10 - 2015-01-25 07:10 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\java
2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Sun
2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-25 07:09 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 07:09 - 2015-01-25 07:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 23:30 - 2015-01-25 07:26 - 00000000 ____D () C:\Windows.old
2015-01-24 23:30 - 2015-01-24 23:30 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-01-24 23:19 - 2015-01-25 05:31 - 00000000 ___HD () C:\$SysReset
2015-01-24 23:19 - 2015-01-24 23:19 - 00000000 ____D () C:\$WINDOWS.~BT
2015-01-24 22:32 - 2014-05-19 18:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-24 22:32 - 2014-05-19 15:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-24 22:32 - 2014-05-19 15:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-01-24 22:32 - 2014-05-19 15:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-24 22:32 - 2014-05-14 14:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-24 22:32 - 2014-05-14 14:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-24 22:32 - 2014-05-14 14:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-24 22:32 - 2014-05-14 14:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-24 22:32 - 2013-08-15 21:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-24 22:32 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-24 22:32 - 2013-08-15 14:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-24 22:31 - 2015-02-11 21:11 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2167489817-2047180528-57149990-1001
2015-01-24 22:25 - 2015-01-24 22:25 - 00001441 _____ () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Power2Go
2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Lenovo
2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\ProgramData\eBay
2015-01-24 22:24 - 2015-01-24 22:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Macromedia
2015-01-24 22:24 - 2015-01-24 22:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Adobe
2015-01-24 22:23 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Packages
2015-01-24 22:23 - 2015-01-24 22:23 - 00000020 ___SH () C:\Users\Tashii\ntuser.ini
2015-01-24 22:23 - 2015-01-24 22:23 - 00000000 ____D () C:\Users\Tashii\AppData\Local\VirtualStore
2015-01-24 20:32 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii
2015-01-24 20:32 - 2015-01-24 20:32 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2015-01-24 20:32 - 2015-01-24 20:32 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-23 16:58 - 2015-01-23 16:58 - 05040384 _____ (AVAST Software) C:\Users\Tashii\Downloads\avastclear.exe
2015-01-21 16:40 - 2015-01-21 16:40 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Tashii\Downloads\AdbeRdr11007_en_US.exe
2015-01-21 16:35 - 2015-01-21 16:36 - 132469808 _____ (AVAST Software) C:\Users\Tashii\Downloads\avast_free_antivirus_setup.exe
2015-01-21 11:50 - 2015-01-21 11:50 - 00058232 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 00:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 22:15 - 2013-05-13 20:53 - 01260261 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 00:21 - 2013-08-17 09:47 - 00300032 ___SH () C:\Users\Tashii\Downloads\Thumbs.db
2015-02-07 07:33 - 2012-07-25 23:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-07 00:00 - 2012-10-09 15:08 - 00016596 _____ () C:\WINDOWS\PFRO.log
2015-02-07 00:00 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 23:40 - 2014-03-09 05:35 - 00440320 ___SH () C:\Users\Tashii\Desktop\Thumbs.db
2015-02-06 23:35 - 2013-05-13 21:19 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-06 23:34 - 2013-05-13 21:22 - 00000000 ____D () C:\ProgramData\Temp
2015-02-06 20:38 - 2012-07-26 00:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-05 20:29 - 2013-05-13 21:29 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-05 20:28 - 2013-05-13 21:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-05 20:19 - 2013-05-13 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-05 20:19 - 2013-05-13 21:21 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-05 20:10 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-05 20:05 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-02 10:44 - 2013-05-13 21:26 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-31 05:26 - 2013-08-19 19:45 - 00000000 ____D () C:\Users\Tashii\Documents\Youcam
2015-01-27 12:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-01-26 14:21 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 17:15 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-25 05:41 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-24 23:30 - 2012-07-26 00:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-24 22:35 - 2013-05-13 21:08 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-24 22:25 - 2013-05-13 22:32 - 00067521 _____ () C:\WINDOWS\modules.log
2015-01-24 22:23 - 2012-10-09 16:08 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-24 22:23 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-24 22:23 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-24 20:32 - 2012-07-26 00:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 20:32 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-24 20:32 - 2012-07-25 23:21 - 00025365 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2013-05-13 21:07 - 2013-05-13 21:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-13 21:11 - 2013-05-13 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-6892.vbs
2013-05-13 21:11 - 2013-05-13 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-6963.vbs

Files to move or delete:
====================
C:\ProgramData\Lenovo-6892.vbs
C:\ProgramData\Lenovo-6963.vbs


Some content of TEMP:
====================
C:\Users\Tashii\AppData\Local\Temp\0004.exe
C:\Users\Tashii\AppData\Local\Temp\APNSetup.exe
C:\Users\Tashii\AppData\Local\Temp\BNKStubSetup.exe
C:\Users\Tashii\AppData\Local\Temp\CloudBackup5135.exe
C:\Users\Tashii\AppData\Local\Temp\COMAP.EXE
C:\Users\Tashii\AppData\Local\Temp\optprosetup.exe
C:\Users\Tashii\AppData\Local\Temp\uninstall.exe
C:\Users\Tashii\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tashii\AppData\Local\Temp\_is2159.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 13:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Tashii at 2015-02-12 00:17:29
Running from C:\Users\Tashii\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
ENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intelli Term 1.10.0.8 (HKLM-x32\...\IntelliTerm_1.10.0.8) (Version: 1.10.0.8 - Intelli Term)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.75 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
ROBLOX Player for Tashii (HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2167489817-2047180528-57149990-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points  =========================

24-01-2015 22:31:53 Windows Update
26-01-2015 14:20:51 Windows Modules Installer
02-02-2015 12:35:50 Installed Star Wars®: Knights of the Old Republic
05-02-2015 20:19:12 Removed AngryBirds
07-02-2015 23:54:00 Removed Nitro Pro 8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2015-02-05 20:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3356652B-4BDD-4D2B-BE3D-2CB49F07009E} - System32\Tasks\Lenovo\Lenovo-6963 => C:\ProgramData\Lenovo-6963.vbs [2013-05-13] ()
Task: {79E096F8-6F97-4470-A100-36DE406C0F3B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {80E88A19-0124-4612-A4F5-73CFCA0E7CD8} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {81DA8117-39A7-45B2-B035-39B57CB0AF4C} - \Binkiland No Task File <==== ATTENTION
Task: {BCC31C18-3A58-4956-AD75-FF5634BA9F08} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {DA2DA31D-791F-4725-8889-C99E81CCC96E} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DE898A1A-8A7E-443E-A38E-EA7B60C7D5C0} - System32\Tasks\Lenovo\Lenovo-6892 => C:\ProgramData\Lenovo-6892.vbs [2013-05-13] ()
Task: {F5CADE56-AD46-43C5-AC52-D2B2F7F556C1} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe
Task: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Tashii\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-05-13 21:07 - 2011-03-15 19:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-05-13 21:45 - 2013-01-02 11:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-30 00:00 - 2013-01-15 20:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-13 21:07 - 2011-05-17 12:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-05-13 21:04 - 2012-06-24 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-05-13 21:07 - 2011-05-17 12:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 15:59 - 2009-12-04 15:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 16:04 - 2009-12-04 16:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-02-07 23:27 - 2015-01-23 02:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tashii\Desktop\Deadpool.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1F05FDA8EA53BF2FA9F0AADD4CAA6871"

==================== Accounts: =============================

Administrator (S-1-5-21-2167489817-2047180528-57149990-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2167489817-2047180528-57149990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2167489817-2047180528-57149990-1005 - Limited - Enabled)
Tashii (S-1-5-21-2167489817-2047180528-57149990-1001 - Administrator - Enabled) => C:\Users\Tashii

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 11:32:25 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2032) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/08/2015 08:57:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2200) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/08/2015 02:17:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (1352) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/07/2015 00:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2015 08:30:10 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (3628) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/06/2015 00:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16453, time stamp: 0x509b0dfb
Faulting module name: iertutil.dll, version: 10.0.9200.16453, time stamp: 0x509b240e
Exception code: 0xc0000005
Fault offset: 0x000b9a86
Faulting process id: 0x11f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (02/05/2015 08:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/10/2015 03:06:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/07/2015 11:26:51 PM) (Source: DCOM) (EventID: 10016) (User: TashiiPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TashiiPCTashiiS-1-5-21-2167489817-2047180528-57149990-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/06/2015 08:38:33 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (02/06/2015 08:38:03 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (02/06/2015 08:30:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (02/05/2015 08:34:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".

Error: (02/05/2015 08:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/09/2015 11:32:25 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2032C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/08/2015 08:57:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2200C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/08/2015 02:17:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex1352C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/07/2015 00:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (02/06/2015 08:30:10 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex3628C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/06/2015 00:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16453509b0dfbiertutil.dll10.0.9200.16453509b240ec0000005000b9a8611f001d041e666b5f5b5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\iertutil.dll997c7d93-adda-11e4-be74-208984904370

Error: (02/05/2015 08:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 05:24:40.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3992.27 MB
Available physical RAM: 2580.56 MB
Total Pagefile: 4696.27 MB
Available Pagefile: 3118.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:759.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (NEW) (CDROM) (Total:3.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AF3253D7)

Partition: GPT Partition Type.

==================== End Of Log ============================


Hi,

Step 1

Scan with Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.

    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]

  • A window with an option to view the detailed log will appear.

  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Here it is, thanks!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/13/2015
Scan Time: 11:04:39 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.09
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Tashii

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377157
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe, 1940, Delete-on-Reboot, [5fb321f94545082e958599885fa3f808]

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itsvc_1.10.0.8, Quarantined, [5fb321f94545082e958599885fa3f808],
PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IntelliTerm_1.10.0.8, Quarantined, [ca481406b6d47cba89918d9436cc0ff1],
PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\IntelliTerm_1.10.0.8, Quarantined, [5fb339e1b9d179bdbd26a6738a7b4cb4],
PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itnfd_1_10_0_8, Quarantined, [ee2470aae4a64aecac3538e1d1344cb4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8, Delete-on-Reboot, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service, Delete-on-Reboot, [72a027f36723ef47b995820a659e2dd3],

Files: 11
PUP.Optional.IntelliTerm.A, C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_8.sys, Delete-on-Reboot, [9cd9a4e56b45b16f4a409df4bedde627],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe, Delete-on-Reboot, [5fb321f94545082e958599885fa3f808],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Uninstall.exe, Quarantined, [ca481406b6d47cba89918d9436cc0ff1],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\terms-of-service.rtf, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\buildcrx-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\nsJSON-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\Nustache-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],
PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\UAC-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],

Physical Sectors: 0
(No malicious items detected)


(end)


Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


Here it is, thanks!

 

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 09:58:41
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 8  (x64)
# Username : Tashii - TASHIIPC
# Running from : C:\Users\Tashii\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\e7c5f99400007fd8
Folder Deleted : C:\Program Files (x86)\Amazon\ABB
Folder Deleted : C:\Users\Tashii\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Tashii\AppData\Local\CleanerPro
Folder Deleted : C:\Users\Tashii\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Tashii\Documents\Optimizer Pro
Folder Deleted : C:\Users\Tashii\Documents\CleanerPro
Folder Deleted : C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\END
File Deleted : C:\Users\Tashii\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : CleanerPro_Start

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0427C44C-3DE6-4C83-88D0-4ABA94C4290F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{17590B02-1AA1-43D4-916E-0EE220766501}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0427C44C-3DE6-4C83-88D0-4ABA94C4290F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16453


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4259 bytes] - [15/02/2015 09:56:39]
AdwCleaner[s0].txt - [3710 bytes] - [15/02/2015 09:58:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3769  bytes] ##########


:) OK...

 

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


Here's the first log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Tashii (administrator) on TASHIIPC on 15-02-2015 13:26:27
Running from C:\Users\Tashii\Downloads
Loaded Profiles: Tashii (Available profiles: Tashii & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Farbar) C:\Users\Tashii\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-18] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll ( ROBLOX Corporation)

Chrome:
=======
CHR Profile: C:\Users\Tashii\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 13:25 - 2015-02-15 13:25 - 02085888 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64(1).exe
2015-02-15 09:56 - 2015-02-15 09:58 - 00000000 ____D () C:\AdwCleaner
2015-02-15 09:55 - 2015-02-15 09:55 - 02112512 _____ () C:\Users\Tashii\Downloads\AdwCleaner.exe
2015-02-13 03:57 - 2015-02-13 03:57 - 00001146 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-02-13 03:57 - 2015-02-13 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-02-13 03:56 - 2015-02-13 03:56 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us(2).exe
2015-02-13 02:22 - 2015-02-13 02:23 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Yahoo!
2015-02-13 02:22 - 2015-02-13 02:22 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-13 02:20 - 2015-02-13 02:22 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-02-13 02:20 - 2015-02-13 02:20 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us.exe
2015-02-13 02:20 - 2015-02-13 02:20 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us(1).exe
2015-02-13 01:12 - 2015-02-15 13:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-13 01:12 - 2015-02-13 01:12 - 00000974 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-02-13 01:12 - 2015-02-13 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-13 01:11 - 2015-02-13 01:11 - 01142128 _____ () C:\Users\Tashii\Downloads\SteamSetup.exe
2015-02-12 03:18 - 2015-02-12 03:18 - 00031446 _____ () C:\Users\Tashii\Desktop\FRST.txt
2015-02-12 03:18 - 2015-02-12 03:18 - 00023660 _____ () C:\Users\Tashii\Desktop\Addition.txt
2015-02-12 03:17 - 2015-02-12 03:17 - 00023660 _____ () C:\Users\Tashii\Downloads\Addition.txt
2015-02-12 03:16 - 2015-02-15 13:26 - 00014271 _____ () C:\Users\Tashii\Downloads\FRST.txt
2015-02-12 03:16 - 2015-02-15 13:26 - 00000000 ____D () C:\FRST
2015-02-12 03:16 - 2015-02-12 03:16 - 02134016 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64.exe
2015-02-08 02:27 - 2015-02-08 02:27 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 02:27 - 2015-02-08 02:27 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Mozilla
2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Mozilla
2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 02:23 - 2015-02-08 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 02:22 - 2015-02-08 02:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mbar
2015-02-08 02:21 - 2015-02-08 02:21 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Tashii\Downloads\mbar-1.08.3.1004.exe
2015-02-07 10:29 - 2015-02-07 10:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4F8A743F.sys
2015-02-07 02:50 - 2015-02-07 02:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tashii\Downloads\mbam-clean-2.1.1.1001.exe
2015-02-07 02:27 - 2015-02-15 13:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 02:26 - 2015-02-08 02:22 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 02:26 - 2015-02-07 02:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-07 02:26 - 2014-11-21 09:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 02:26 - 2014-11-21 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-05 23:23 - 2015-02-05 23:23 - 00001090 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-05 23:23 - 2011-11-04 08:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2015-02-05 23:23 - 2009-03-24 15:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-02-05 19:06 - 2015-02-13 02:22 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Google
2015-02-05 18:57 - 2015-02-05 18:57 - 00000000 ____D () C:\Users\Tashii\AppData\Local\1012890328
2015-02-05 18:49 - 2015-02-05 18:49 - 00000000 ____D () C:\Users\Tashii\AppData\Local\1012430234
2015-02-05 18:48 - 2015-02-05 18:48 - 00000000 ____D () C:\ProgramData\COMODO
2015-02-05 18:47 - 2015-02-05 18:47 - 00000000 ____D () C:\Program Files\COMODO
2015-02-05 18:46 - 2015-02-05 18:46 - 536870912 _____ () C:\Users\Tashii\Downloads\3DS0961 - Tomodachi Life.3ds
2015-02-05 18:46 - 2015-02-05 18:46 - 00000000 ____D () C:\ProgramData\Unchecky
2015-02-05 18:43 - 2015-02-05 18:43 - 00000000 ____D () C:\ProgramData\{0D90E553-5D12-34D5-EC94-44573C1697D9}
2015-02-02 18:24 - 2015-02-02 18:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Rovio
2015-02-02 14:29 - 2015-02-02 14:29 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\WebApp
2015-01-31 08:24 - 2015-02-02 13:44 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\CyberLink
2015-01-31 08:24 - 2015-02-02 13:44 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CyberLink
2015-01-26 21:07 - 2015-02-12 18:18 - 00001361 _____ () C:\Users\Tashii\Desktop\ROBLOX Player.lnk
2015-01-26 21:06 - 2015-02-12 18:18 - 00001180 _____ () C:\Users\Tashii\Desktop\ROBLOX Studio.lnk
2015-01-26 21:06 - 2015-02-12 18:18 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-01-26 21:06 - 2015-01-26 22:01 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Roblox
2015-01-25 10:10 - 2015-02-12 01:04 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\.minecraft
2015-01-25 10:10 - 2015-01-25 10:10 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\java
2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Sun
2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-25 10:09 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 10:09 - 2015-01-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 02:30 - 2015-01-25 10:26 - 00000000 ____D () C:\Windows.old
2015-01-25 02:30 - 2015-01-25 02:30 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-01-25 02:19 - 2015-01-25 08:31 - 00000000 ___HD () C:\$SysReset
2015-01-25 02:19 - 2015-01-25 02:19 - 00000000 ____D () C:\$WINDOWS.~BT
2015-01-25 01:32 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-25 01:32 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-25 01:32 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-01-25 01:32 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-25 01:32 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-25 01:32 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-25 01:32 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-25 01:32 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-25 01:32 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-25 01:32 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-25 01:32 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-25 01:31 - 2015-02-15 13:19 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2167489817-2047180528-57149990-1001
2015-01-25 01:25 - 2015-01-25 01:25 - 00001441 _____ () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Power2Go
2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Lenovo
2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\ProgramData\eBay
2015-01-25 01:24 - 2015-01-25 01:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Macromedia
2015-01-25 01:24 - 2015-01-25 01:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Adobe
2015-01-25 01:23 - 2015-02-13 02:22 - 00000000 ____D () C:\Users\Tashii\AppData\Local\VirtualStore
2015-01-25 01:23 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Packages
2015-01-25 01:23 - 2015-01-25 01:23 - 00000020 ___SH () C:\Users\Tashii\ntuser.ini
2015-01-24 23:32 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii
2015-01-24 23:32 - 2015-01-24 23:32 - 00017148 _____ () C:\WINDOWS\diagwrn.xml
2015-01-24 23:32 - 2015-01-24 23:32 - 00017148 _____ () C:\WINDOWS\diagerr.xml
2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-23 19:58 - 2015-01-23 19:58 - 05040384 _____ (AVAST Software) C:\Users\Tashii\Downloads\avastclear.exe
2015-01-21 19:40 - 2015-01-21 19:40 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Tashii\Downloads\AdbeRdr11007_en_US.exe
2015-01-21 19:35 - 2015-01-21 19:36 - 132469808 _____ (AVAST Software) C:\Users\Tashii\Downloads\avast_free_antivirus_setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 13:10 - 2012-07-26 02:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 10:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 09:59 - 2012-10-09 18:08 - 00025282 _____ () C:\WINDOWS\PFRO.log
2015-02-15 09:59 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-15 09:59 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 09:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 09:58 - 2013-05-14 00:29 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-15 09:52 - 2013-08-18 12:38 - 00000220 _____ () C:\Users\Tashii\Desktop\Garry's Mod.url
2015-02-15 09:23 - 2013-05-13 23:53 - 01650559 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 23:29 - 2013-08-18 06:56 - 00000219 _____ () C:\Users\Tashii\Desktop\Team Fortress 2.url
2015-02-13 18:51 - 2015-01-05 19:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mama pict
2015-02-13 18:47 - 2014-11-22 21:04 - 00000000 ____D () C:\Users\Tashii\Desktop\house
2015-02-10 03:21 - 2013-08-17 12:47 - 00300032 ___SH () C:\Users\Tashii\Downloads\Thumbs.db
2015-02-07 02:40 - 2014-03-09 08:35 - 00440320 ___SH () C:\Users\Tashii\Desktop\Thumbs.db
2015-02-07 02:35 - 2013-05-14 00:19 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-07 02:34 - 2013-05-14 00:22 - 00000000 ____D () C:\ProgramData\Temp
2015-02-06 23:38 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-05 23:28 - 2013-05-14 00:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-05 23:19 - 2013-05-14 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-05 23:19 - 2013-05-14 00:21 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-05 23:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-02 13:44 - 2013-05-14 00:26 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-31 08:26 - 2013-08-19 22:45 - 00000000 ____D () C:\Users\Tashii\Documents\Youcam
2015-01-27 15:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-01-26 17:21 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 20:15 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-25 08:41 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-25 02:30 - 2012-07-26 03:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-25 01:35 - 2013-05-14 00:08 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-25 01:25 - 2013-05-14 01:32 - 00067521 _____ () C:\WINDOWS\modules.log
2015-01-25 01:23 - 2012-10-09 19:08 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-25 01:23 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-25 01:23 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-24 23:32 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 23:32 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-24 23:32 - 2012-07-26 02:21 - 00025365 _____ () C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2013-05-14 00:07 - 2013-05-14 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-14 00:11 - 2013-05-14 00:11 - 0000198 ____H () C:\ProgramData\Lenovo-6892.vbs
2013-05-14 00:11 - 2013-05-14 00:11 - 0000198 ____H () C:\ProgramData\Lenovo-6963.vbs

Files to move or delete:
====================
C:\ProgramData\Lenovo-6892.vbs
C:\ProgramData\Lenovo-6963.vbs


Some content of TEMP:
====================
C:\Users\Tashii\AppData\Local\Temp\0004.exe
C:\Users\Tashii\AppData\Local\Temp\APNSetup.exe
C:\Users\Tashii\AppData\Local\Temp\BNKStubSetup.exe
C:\Users\Tashii\AppData\Local\Temp\CloudBackup5135.exe
C:\Users\Tashii\AppData\Local\Temp\COMAP.EXE
C:\Users\Tashii\AppData\Local\Temp\optprosetup.exe
C:\Users\Tashii\AppData\Local\Temp\Quarantine.exe
C:\Users\Tashii\AppData\Local\Temp\sqlite3.dll
C:\Users\Tashii\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tashii\AppData\Local\Temp\_is2159.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 11:05

==================== End Of Log ============================


And here's the addition, thanks!:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Tashii at 2015-02-15 13:26:57
Running from C:\Users\Tashii\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
ENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.75 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
ROBLOX Player for Tashii (HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2167489817-2047180528-57149990-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points  =========================

26-01-2015 17:20:51 Windows Modules Installer
02-02-2015 15:35:50 Installed Star Wars®: Knights of the Old Republic
05-02-2015 23:19:12 Removed AngryBirds
08-02-2015 02:54:00 Removed Nitro Pro 8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2015-02-05 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3356652B-4BDD-4D2B-BE3D-2CB49F07009E} - System32\Tasks\Lenovo\Lenovo-6963 => C:\ProgramData\Lenovo-6963.vbs [2013-05-14] ()
Task: {80E88A19-0124-4612-A4F5-73CFCA0E7CD8} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BCC31C18-3A58-4956-AD75-FF5634BA9F08} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {DA2DA31D-791F-4725-8889-C99E81CCC96E} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DE898A1A-8A7E-443E-A38E-EA7B60C7D5C0} - System32\Tasks\Lenovo\Lenovo-6892 => C:\ProgramData\Lenovo-6892.vbs [2013-05-14] ()

==================== Loaded Modules (whitelisted) ==============

2013-05-14 00:07 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-05-14 00:45 - 2013-01-02 14:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-30 03:00 - 2013-01-15 23:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-14 00:07 - 2011-05-17 15:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-05-14 00:04 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-02-13 01:13 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-13 01:13 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-13 01:13 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-13 01:13 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-13 01:13 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-13 01:13 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-13 01:13 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-13 01:13 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-13 01:13 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-13 01:13 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-13 01:13 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-05-14 00:07 - 2011-05-17 15:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 18:59 - 2009-12-04 18:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 19:04 - 2009-12-04 19:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-02-13 02:22 - 2012-05-25 07:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-02-13 01:13 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-08 02:27 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tashii\Desktop\Deadpool.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1F05FDA8EA53BF2FA9F0AADD4CAA6871"

==================== Accounts: =============================

Administrator (S-1-5-21-2167489817-2047180528-57149990-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2167489817-2047180528-57149990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2167489817-2047180528-57149990-1005 - Limited - Enabled)
Tashii (S-1-5-21-2167489817-2047180528-57149990-1001 - Administrator - Enabled) => C:\Users\Tashii

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 09:23:43 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (3616) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/14/2015 10:07:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (3760) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/13/2015 11:03:01 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4516) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/13/2015 10:57:45 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (4740) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/10/2015 02:32:25 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2032) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/08/2015 11:57:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2200) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/08/2015 05:17:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (1352) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/07/2015 03:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IdeaTouch.LocalDataServer.Game service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IdeaTouch.LocalDataServer.Education service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intelli Term 1.10.0.8 Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/14/2015 09:23:43 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex3616C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/14/2015 10:07:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex3760C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/13/2015 11:03:01 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex4516C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/13/2015 10:57:45 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex4740C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/10/2015 02:32:25 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2032C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/08/2015 11:57:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2200C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/08/2015 05:17:12 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex1352C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/07/2015 03:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141


CodeIntegrity Errors:
===================================
  Date: 2015-02-13 18:36:21.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 18:35:01.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 18:32:59.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 18:32:48.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 18:32:48.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 04:02:38.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 03:59:53.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 03:59:06.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 03:59:05.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 08:24:40.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3992.27 MB
Available physical RAM: 2446.84 MB
Total Pagefile: 4696.27 MB
Available Pagefile: 2933.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:716.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (NEW) (CDROM) (Total:3.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AF3253D7)

Partition: GPT Partition Type.

==================== End Of Log ============================


Let's do a final check up:

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at [screenshot: log path].

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?

How is the computer running?


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
