Mongler Posted February 8, 2015 ID:937471 Share Posted February 8, 2015 Hello, My son went on a downloading spree of free games on the net and the result, of course, was loads of malware. I have removed most of it, but there are two that I can't seem to get rid of. First, there are processes in task manager showing up as con surrogate. While these are running, I am constantly having the browswer redirected, getting spam of advertisements, etc. Ending the process helps for a little while but they pop back up. Malwarebytes doesn't seem to find it. The other one is a process showing up as 'run once'. This one actually caused me huge headaches because it causes the PC to boot into the black screen of death. I finally figured out this was the cause - I can end task and it doesn't come back, but I can't seem to get rid of it either. Any help is appreciated, thanks! Link to post Share on other sites More sharing options...
deeprybka Posted February 8, 2015 ID:937473 Share Posted February 8, 2015 Hi & My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.Step 1 Please run a FRST scan. This will help us diagnose your problem. Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
Naathim Posted February 11, 2015 ID:938815 Share Posted February 11, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Naathim Posted February 12, 2015 ID:939041 Share Posted February 12, 2015 Topic reopened per request Link to post Share on other sites More sharing options...
deeprybka Posted February 12, 2015 ID:939089 Share Posted February 12, 2015 OK... Link to post Share on other sites More sharing options...
Mongler Posted February 13, 2015 Author ID:939257 Share Posted February 13, 2015 Here are the logs, thanks! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02Ran by Tashii (administrator) on TASHIIPC on 12-02-2015 00:16:56Running from C:\Users\Tashii\DownloadsLoaded Profiles: Tashii (Available profiles: Tashii & Administrator)Platform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intelli Term) C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe() C:\Windows\jmesoft\Service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Lenovo) C:\Windows\jmesoft\hotkey.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe() C:\Windows\jmesoft\JME_LOAD.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-18] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-17] (Realtek Semiconductor)HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comSearchScopes: HKLM -> DefaultScope {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=SearchScopes: HKLM -> {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyCtCtB0FyDzztGtD0CtAzztGyD0CyC0EtG0C0A0D0FtGtCyDtDyE0F0D0C0F0C0C0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1675798323&ir=SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> DefaultScope {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {0427C44C-3DE6-4C83-88D0-4ABA94C4290F} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEyEzztA0D0CyDtG0A0E0E0EtG0ByEtCtBtG0D0FzytCtGyDtAyEyE0CyD0E0ByDtAzytA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1595122374&ir=SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEzytDyEtAyBtDyD0Azy0EtN0D0Tzu0StCtCtAtCtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyCtCtB0FyDzztGtD0CtAzztGyD0CyC0EtG0C0A0D0FtGtCyDtDyE0F0D0C0F0C0C0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtBtCtDzyyBtGtDtB0BtBtGyEyB0BtBtG0B0FyDtCtG0CtAtByCyDzy0DtDzy0CyBtB2Q&cr=1675798323&ir=SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {17590B02-1AA1-43D4-916E-0EE220766501} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.23.0.15&apn_uid=DFDA9E84-ADAD-45BE-8DDC-9DCFE6CAF359&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.16453&doi=2015-01-25&trgb=IE&q={searchTerms}&psv=&pt=tbBHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}Tcpip\Parameters: [DhcpNameServer] 192.168.1.1StartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF ProfilePath: C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.defaultFF Homepage: www.google.comFF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy.dll ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\\NPRobloxProxy64.dll ( ROBLOX Corporation)==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-14] (Microsoft) [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 itsvc_1.10.0.8; C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()R1 itnfd_1_10_0_8; C:\Windows\System32\drivers\itnfd_1_10_0_8.sys [58232 2015-01-21] (Intelli Term)S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-02] (Realtek Semiconductor Corp.)R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-12 00:16 - 2015-02-12 00:17 - 00015547 _____ () C:\Users\Tashii\Downloads\FRST.txt2015-02-12 00:16 - 2015-02-12 00:16 - 02134016 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64.exe2015-02-12 00:16 - 2015-02-12 00:16 - 00000000 ____D () C:\FRST2015-02-07 23:27 - 2015-02-07 23:27 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-02-07 23:27 - 2015-02-07 23:27 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Mozilla2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Mozilla2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\ProgramData\Mozilla2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-02-07 23:27 - 2015-02-07 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-02-07 23:23 - 2015-02-07 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-02-07 23:22 - 2015-02-07 23:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mbar2015-02-07 23:21 - 2015-02-07 23:21 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Tashii\Downloads\mbar-1.08.3.1004.exe2015-02-07 23:12 - 2015-02-07 23:12 - 00458168 _____ () C:\Users\Tashii\Downloads\setup.exe2015-02-07 07:29 - 2015-02-07 07:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4F8A743F.sys2015-02-06 23:50 - 2015-02-06 23:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tashii\Downloads\mbam-clean-2.1.1.1001.exe2015-02-06 23:27 - 2015-02-10 15:06 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-06 23:26 - 2015-02-07 23:22 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-02-06 23:26 - 2015-02-06 23:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-06 23:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-02-06 23:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-02-05 20:27 - 2015-02-06 11:39 - 00000000 ____D () C:\ProgramData\e7c5f99400007fd82015-02-05 20:23 - 2015-02-05 20:23 - 00001090 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\ProgramData\Licenses2015-02-05 20:23 - 2015-02-05 20:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2015-02-05 20:23 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX2015-02-05 20:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL2015-02-05 16:06 - 2015-02-05 16:06 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Google2015-02-05 15:57 - 2015-02-05 15:57 - 00000000 ____D () C:\Users\Tashii\AppData\Local\10128903282015-02-05 15:56 - 2015-02-05 20:24 - 00000000 ____D () C:\Users\Tashii\AppData\Local\WSE_Binkiland2015-02-05 15:50 - 2015-02-05 20:20 - 00000000 ____D () C:\Users\Tashii\Documents\CleanerPro2015-02-05 15:50 - 2015-02-05 15:50 - 00004016 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup2015-02-05 15:50 - 2015-02-05 15:50 - 00003188 _____ () C:\WINDOWS\System32\Tasks\CleanerPro_Start2015-02-05 15:50 - 2015-02-05 15:50 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CleanerPro2015-02-05 15:49 - 2015-02-05 15:49 - 00000000 ____D () C:\Users\Tashii\AppData\Local\10124302342015-02-05 15:49 - 2015-02-05 15:49 - 00000000 ____D () C:\Program Files (x86)\IntelliTerm_1.10.0.82015-02-05 15:48 - 2015-02-05 15:48 - 00000000 ____D () C:\Users\Tashii\Documents\Optimizer Pro2015-02-05 15:48 - 2015-02-05 15:48 - 00000000 ____D () C:\ProgramData\COMODO2015-02-05 15:47 - 2015-02-05 15:47 - 00000000 ____D () C:\Program Files\COMODO2015-02-05 15:46 - 2015-02-05 15:46 - 536870912 _____ () C:\Users\Tashii\Downloads\3DS0961 - Tomodachi Life.3ds2015-02-05 15:46 - 2015-02-05 15:46 - 00000000 ____D () C:\ProgramData\Unchecky2015-02-05 15:43 - 2015-02-11 23:57 - 00000314 _____ () C:\WINDOWS\Tasks\Binkiland.job2015-02-05 15:43 - 2015-02-05 15:43 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Binkiland2015-02-05 15:43 - 2015-02-05 15:43 - 00000000 ____D () C:\ProgramData\{0D90E553-5D12-34D5-EC94-44573C1697D9}2015-02-05 15:42 - 2015-02-05 20:24 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland2015-02-02 15:24 - 2015-02-02 15:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Rovio2015-02-02 11:29 - 2015-02-02 11:29 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\WebApp2015-01-31 05:24 - 2015-02-02 10:44 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\CyberLink2015-01-31 05:24 - 2015-02-02 10:44 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CyberLink2015-01-26 18:07 - 2015-02-05 16:02 - 00001361 _____ () C:\Users\Tashii\Desktop\ROBLOX Player.lnk2015-01-26 18:06 - 2015-02-05 16:02 - 00001180 _____ () C:\Users\Tashii\Desktop\ROBLOX Studio.lnk2015-01-26 18:06 - 2015-02-05 16:02 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-01-26 18:06 - 2015-01-26 19:01 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Roblox2015-01-25 07:12 - 2015-01-25 07:12 - 00000000 ____D () C:\ProgramData\APN2015-01-25 07:10 - 2015-02-11 22:04 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\.minecraft2015-01-25 07:10 - 2015-01-25 07:10 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\java2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Sun2015-01-25 07:10 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-01-25 07:09 - 2015-01-25 07:10 - 00000000 ____D () C:\ProgramData\Oracle2015-01-25 07:09 - 2015-01-25 07:09 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-24 23:30 - 2015-01-25 07:26 - 00000000 ____D () C:\Windows.old2015-01-24 23:30 - 2015-01-24 23:30 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff2015-01-24 23:19 - 2015-01-25 05:31 - 00000000 ___HD () C:\$SysReset2015-01-24 23:19 - 2015-01-24 23:19 - 00000000 ____D () C:\$WINDOWS.~BT2015-01-24 22:32 - 2014-05-19 18:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2015-01-24 22:32 - 2014-05-19 15:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2015-01-24 22:32 - 2014-05-19 15:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2015-01-24 22:32 - 2014-05-19 15:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2015-01-24 22:32 - 2014-05-19 15:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2015-01-24 22:32 - 2014-05-19 15:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2015-01-24 22:32 - 2014-05-19 15:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2015-01-24 22:32 - 2014-05-19 15:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2015-01-24 22:32 - 2014-05-19 15:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2015-01-24 22:32 - 2014-05-14 14:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2015-01-24 22:32 - 2014-05-14 14:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2015-01-24 22:32 - 2014-05-14 14:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2015-01-24 22:32 - 2014-05-14 14:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2015-01-24 22:32 - 2013-08-15 21:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2015-01-24 22:32 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2015-01-24 22:32 - 2013-08-15 14:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2015-01-24 22:31 - 2015-02-11 21:11 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2167489817-2047180528-57149990-10012015-01-24 22:25 - 2015-01-24 22:25 - 00001441 _____ () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Power2Go2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Lenovo2015-01-24 22:25 - 2015-01-24 22:25 - 00000000 ____D () C:\ProgramData\eBay2015-01-24 22:24 - 2015-01-24 22:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Macromedia2015-01-24 22:24 - 2015-01-24 22:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Adobe2015-01-24 22:23 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Packages2015-01-24 22:23 - 2015-01-24 22:23 - 00000020 ___SH () C:\Users\Tashii\ntuser.ini2015-01-24 22:23 - 2015-01-24 22:23 - 00000000 ____D () C:\Users\Tashii\AppData\Local\VirtualStore2015-01-24 20:32 - 2015-01-24 22:25 - 00000000 ____D () C:\Users\Tashii2015-01-24 20:32 - 2015-01-24 20:32 - 00017148 _____ () C:\WINDOWS\diagwrn.xml2015-01-24 20:32 - 2015-01-24 20:32 - 00017148 _____ () C:\WINDOWS\diagerr.xml2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2015-01-24 20:32 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-01-23 16:58 - 2015-01-23 16:58 - 05040384 _____ (AVAST Software) C:\Users\Tashii\Downloads\avastclear.exe2015-01-21 16:40 - 2015-01-21 16:40 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Tashii\Downloads\AdbeRdr11007_en_US.exe2015-01-21 16:35 - 2015-01-21 16:36 - 132469808 _____ (AVAST Software) C:\Users\Tashii\Downloads\avast_free_antivirus_setup.exe2015-01-21 11:50 - 2015-01-21 11:50 - 00058232 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-12 00:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-11 22:15 - 2013-05-13 20:53 - 01260261 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-10 00:21 - 2013-08-17 09:47 - 00300032 ___SH () C:\Users\Tashii\Downloads\Thumbs.db2015-02-07 07:33 - 2012-07-25 23:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-02-07 00:00 - 2012-10-09 15:08 - 00016596 _____ () C:\WINDOWS\PFRO.log2015-02-07 00:00 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-06 23:40 - 2014-03-09 05:35 - 00440320 ___SH () C:\Users\Tashii\Desktop\Thumbs.db2015-02-06 23:35 - 2013-05-13 21:19 - 00000000 ____D () C:\ProgramData\McAfee2015-02-06 23:34 - 2013-05-13 21:22 - 00000000 ____D () C:\ProgramData\Temp2015-02-06 20:38 - 2012-07-26 00:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP2015-02-05 20:29 - 2013-05-13 21:29 - 00000000 ____D () C:\Program Files (x86)\Amazon2015-02-05 20:28 - 2013-05-13 21:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-02-05 20:19 - 2013-05-13 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo2015-02-05 20:19 - 2013-05-13 21:21 - 00000000 ____D () C:\Program Files\Lenovo2015-02-05 20:10 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2015-02-05 20:05 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-02 10:44 - 2013-05-13 21:26 - 00000000 ____D () C:\ProgramData\CyberLink2015-01-31 05:26 - 2013-08-19 19:45 - 00000000 ____D () C:\Users\Tashii\Documents\Youcam2015-01-27 12:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent2015-01-26 14:21 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-25 17:15 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-25 05:41 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\rescache2015-01-24 23:30 - 2012-07-26 00:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template2015-01-24 22:35 - 2013-05-13 21:08 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-01-24 22:25 - 2013-05-13 22:32 - 00067521 _____ () C:\WINDOWS\modules.log2015-01-24 22:23 - 2012-10-09 16:08 - 00000000 ___DC () C:\WINDOWS\Panther2015-01-24 22:23 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2015-01-24 22:23 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore2015-01-24 20:32 - 2012-07-26 00:12 - 00000000 __RHD () C:\Users\Public\Libraries2015-01-24 20:32 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery2015-01-24 20:32 - 2012-07-25 23:21 - 00025365 _____ () C:\WINDOWS\setupact.log==================== Files in the root of some directories =======2013-05-13 21:07 - 2013-05-13 21:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2013-05-13 21:11 - 2013-05-13 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-6892.vbs2013-05-13 21:11 - 2013-05-13 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-6963.vbsFiles to move or delete:====================C:\ProgramData\Lenovo-6892.vbsC:\ProgramData\Lenovo-6963.vbsSome content of TEMP:====================C:\Users\Tashii\AppData\Local\Temp\0004.exeC:\Users\Tashii\AppData\Local\Temp\APNSetup.exeC:\Users\Tashii\AppData\Local\Temp\BNKStubSetup.exeC:\Users\Tashii\AppData\Local\Temp\CloudBackup5135.exeC:\Users\Tashii\AppData\Local\Temp\COMAP.EXEC:\Users\Tashii\AppData\Local\Temp\optprosetup.exeC:\Users\Tashii\AppData\Local\Temp\uninstall.exeC:\Users\Tashii\AppData\Local\Temp\vcredist_x64.exeC:\Users\Tashii\AppData\Local\Temp\_is2159.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-02-03 13:41==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02Ran by Tashii at 2015-02-12 00:17:29Running from C:\Users\Tashii\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) HiddenDolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) HiddenENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) HiddenFinding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) HiddenFruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) HiddenGamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intelli Term 1.10.0.8 (HKLM-x32\...\IntelliTerm_1.10.0.8) (Version: 1.10.0.8 - Intelli Term)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.44180 - Lenovo)Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.44180 - Lenovo)Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) HiddenLenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) HiddenLenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) HiddenLenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) HiddenLenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.75 - Lenovo)LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) HiddenMatching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) HiddenMicrosoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) HiddenRealtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)ROBLOX Player for Tashii (HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hiddentimer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-2167489817-2047180528-57149990-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-7bf02ef54e3249d6\RobloxProxy64.dll (ROBLOX Corporation)==================== Restore Points =========================24-01-2015 22:31:53 Windows Update26-01-2015 14:20:51 Windows Modules Installer02-02-2015 12:35:50 Installed Star Wars®: Knights of the Old Republic 05-02-2015 20:19:12 Removed AngryBirds07-02-2015 23:54:00 Removed Nitro Pro 8==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2012-07-25 21:26 - 2015-02-05 20:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {3356652B-4BDD-4D2B-BE3D-2CB49F07009E} - System32\Tasks\Lenovo\Lenovo-6963 => C:\ProgramData\Lenovo-6963.vbs [2013-05-13] ()Task: {79E096F8-6F97-4470-A100-36DE406C0F3B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTIONTask: {80E88A19-0124-4612-A4F5-73CFCA0E7CD8} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: {81DA8117-39A7-45B2-B035-39B57CB0AF4C} - \Binkiland No Task File <==== ATTENTIONTask: {BCC31C18-3A58-4956-AD75-FF5634BA9F08} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {DA2DA31D-791F-4725-8889-C99E81CCC96E} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)Task: {DE898A1A-8A7E-443E-A38E-EA7B60C7D5C0} - System32\Tasks\Lenovo\Lenovo-6892 => C:\ProgramData\Lenovo-6892.vbs [2013-05-13] ()Task: {F5CADE56-AD46-43C5-AC52-D2B2F7F556C1} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exeTask: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Tashii\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION==================== Loaded Modules (whitelisted) ==============2013-05-13 21:07 - 2011-03-15 19:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe2013-05-13 21:45 - 2013-01-02 11:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2013-01-30 00:00 - 2013-01-15 20:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-05-13 21:07 - 2011-05-17 12:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe2013-05-13 21:04 - 2012-06-24 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2013-05-13 21:07 - 2011-05-17 12:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll2009-12-04 15:59 - 2009-12-04 15:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll2009-12-04 16:04 - 2009-12-04 16:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll2015-02-07 23:27 - 2015-01-23 02:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\Temp:5C321E34==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tashii\Desktop\Deadpool.jpgDNS Servers: 192.168.1.1==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run32: => "tvncontrol"HKLM\...\StartupApproved\Run32: => "mcpltui_exe"HKLM\...\StartupApproved\Run32: => "mcui_exe"HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1F05FDA8EA53BF2FA9F0AADD4CAA6871"==================== Accounts: =============================Administrator (S-1-5-21-2167489817-2047180528-57149990-500 - Administrator - Disabled) => C:\Users\AdministratorGuest (S-1-5-21-2167489817-2047180528-57149990-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2167489817-2047180528-57149990-1005 - Limited - Enabled)Tashii (S-1-5-21-2167489817-2047180528-57149990-1001 - Administrator - Enabled) => C:\Users\Tashii==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/09/2015 11:32:25 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (2032) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/08/2015 08:57:34 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (2200) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/08/2015 02:17:12 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (1352) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/07/2015 00:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (02/06/2015 08:30:10 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (3628) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/06/2015 00:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16453, time stamp: 0x509b0dfbFaulting module name: iertutil.dll, version: 10.0.9200.16453, time stamp: 0x509b240eException code: 0xc0000005Fault offset: 0x000b9a86Faulting process id: 0x11f0Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5Error: (02/05/2015 08:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.System errors:=============Error: (02/10/2015 03:06:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.Error: (02/07/2015 11:26:51 PM) (Source: DCOM) (EventID: 10016) (User: TashiiPC)Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}TashiiPCTashiiS-1-5-21-2167489817-2047180528-57149990-1001LocalHost (Using LRPC)UnavailableUnavailableError: (02/06/2015 08:38:33 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)Description: {209500FC-6B45-4693-8871-6296C4843751}Error: (02/06/2015 08:38:03 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)Description: {209500FC-6B45-4693-8871-6296C4843751}Error: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaError: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaError: (02/06/2015 08:33:27 PM) (Source: DCOM) (EventID: 10010) (User: TashiiPC)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaError: (02/06/2015 08:30:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}Error: (02/05/2015 08:34:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)Description: A corruption was discovered in the file system structure on volume Windows8_OS.The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x9000000000009. The name of the file is "<unable to determine file name>".Error: (02/05/2015 08:28:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).Microsoft Office Sessions:=========================Error: (02/09/2015 11:32:25 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex2032C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/08/2015 08:57:34 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex2200C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/08/2015 02:17:12 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex1352C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/07/2015 00:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: 0x8898008dError: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141Error: (02/06/2015 08:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141Error: (02/06/2015 08:30:10 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex3628C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/06/2015 00:31:52 AM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE10.0.9200.16453509b0dfbiertutil.dll10.0.9200.16453509b240ec0000005000b9a8611f001d041e666b5f5b5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\iertutil.dll997c7d93-adda-11e4-be74-208984904370Error: (02/05/2015 08:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141CodeIntegrity Errors:=================================== Date: 2015-01-31 05:24:40.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Core i3-3240 CPU @ 3.40GHzPercentage of memory in use: 35%Total physical RAM: 3992.27 MBAvailable physical RAM: 2580.56 MBTotal Pagefile: 4696.27 MBAvailable Pagefile: 3118.84 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB==================== Drives ================================Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:759.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (NEW) (CDROM) (Total:3.2 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: AF3253D7)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted February 13, 2015 ID:939300 Share Posted February 13, 2015 Hi, Step 1 Scan with Malwarebytes Anti-MalwarePlease open Malwarebytes Anti-Malware.Please update the database by clicking on the "Update Now" button.Following the update and click "Settings" [1] and go to "Detection and Protection" [2]Make sure "Scan for Rootkits" is checked.Click on Dashboard [3], then click on Scan Now [4] to start the scan. :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]A window with an option to view the detailed log will appear. Click on "View detailed log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply. Link to post Share on other sites More sharing options...
Mongler Posted February 14, 2015 Author ID:939528 Share Posted February 14, 2015 Here it is, thanks! Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2/13/2015Scan Time: 11:04:39 PMLogfile:Administrator: YesVersion: 2.00.4.1028Malware Database: v2015.02.13.09Rootkit Database: v2015.02.03.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 8CPU: x64File System: NTFSUser: TashiiScan Type: Threat ScanResult: CompletedObjects Scanned: 377157Time Elapsed: 7 min, 34 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe, 1940, Delete-on-Reboot, [5fb321f94545082e958599885fa3f808]Modules: 0(No malicious items detected)Registry Keys: 4PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itsvc_1.10.0.8, Quarantined, [5fb321f94545082e958599885fa3f808],PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IntelliTerm_1.10.0.8, Quarantined, [ca481406b6d47cba89918d9436cc0ff1],PUP.Optional.IntelliTerm.A, HKLM\SOFTWARE\WOW6432NODE\IntelliTerm_1.10.0.8, Quarantined, [5fb339e1b9d179bdbd26a6738a7b4cb4],PUP.Optional.IntelliTerm.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\itnfd_1_10_0_8, Quarantined, [ee2470aae4a64aecac3538e1d1344cb4],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 3PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8, Delete-on-Reboot, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service, Delete-on-Reboot, [72a027f36723ef47b995820a659e2dd3],Files: 11PUP.Optional.IntelliTerm.A, C:\WINDOWS\SYSTEM32\drivers\itnfd_1_10_0_8.sys, Delete-on-Reboot, [9cd9a4e56b45b16f4a409df4bedde627],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Service\itsvc.exe, Delete-on-Reboot, [5fb321f94545082e958599885fa3f808],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\Uninstall.exe, Quarantined, [ca481406b6d47cba89918d9436cc0ff1],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\terms-of-service.rtf, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\buildcrx-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\nsJSON-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\Nustache-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],PUP.Optional.IntelliTerm.A, C:\Program Files (x86)\IntelliTerm_1.10.0.8\3rd Party Licenses\UAC-license.txt, Quarantined, [72a027f36723ef47b995820a659e2dd3],Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
deeprybka Posted February 14, 2015 ID:939574 Share Posted February 14, 2015 Hi, Step 1 Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. Link to post Share on other sites More sharing options...
Mongler Posted February 15, 2015 Author ID:939868 Share Posted February 15, 2015 Here it is, thanks! # AdwCleaner v4.110 - Logfile created 15/02/2015 at 09:58:41# Updated 05/02/2015 by Xplode# Database : 2015-02-14.2 [server]# Operating system : Windows 8 (x64)# Username : Tashii - TASHIIPC# Running from : C:\Users\Tashii\Downloads\AdwCleaner.exe# Option : Cleaning***** [ Services ] *****Service Deleted : YahooAUService***** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\ProgramData\Yahoo! CompanionFolder Deleted : C:\ProgramData\e7c5f99400007fd8Folder Deleted : C:\Program Files (x86)\Amazon\ABBFolder Deleted : C:\Users\Tashii\AppData\Local\Temp\apnFolder Deleted : C:\Users\Tashii\AppData\Local\CleanerProFolder Deleted : C:\Users\Tashii\AppData\LocalLow\Yahoo! CompanionFolder Deleted : C:\Users\Tashii\Documents\Optimizer ProFolder Deleted : C:\Users\Tashii\Documents\CleanerProFolder Deleted : C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}File Deleted : C:\ENDFile Deleted : C:\Users\Tashii\AppData\Local\Temp\Uninstall.exeFile Deleted : C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.default\user.js***** [ Scheduled tasks ] *****Task Deleted : LaunchSignupTask Deleted : CleanerPro_Start***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0427C44C-3DE6-4C83-88D0-4ABA94C4290F}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{17590B02-1AA1-43D4-916E-0EE220766501}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0427C44C-3DE6-4C83-88D0-4ABA94C4290F}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}Key Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! ToolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! CompanionKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com***** [ Web browsers ] *****-\\ Internet Explorer v10.0.9200.16453-\\ Mozilla Firefox v35.0.1 (x86 en-US)-\\ Google Chrome v*************************AdwCleaner[R0].txt - [4259 bytes] - [15/02/2015 09:56:39]AdwCleaner[s0].txt - [3710 bytes] - [15/02/2015 09:58:41]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3769 bytes] ########## Link to post Share on other sites More sharing options...
deeprybka Posted February 15, 2015 ID:939874 Share Posted February 15, 2015 OK... Step 1Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button. When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
Mongler Posted February 15, 2015 Author ID:939902 Share Posted February 15, 2015 Here's the first log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015Ran by Tashii (administrator) on TASHIIPC on 15-02-2015 13:26:27Running from C:\Users\Tashii\DownloadsLoaded Profiles: Tashii (Available profiles: Tashii & Administrator)Platform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe() C:\Windows\jmesoft\Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\LogonUI.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Lenovo) C:\Windows\jmesoft\hotkey.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe() C:\Windows\jmesoft\JME_LOAD.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe(Farbar) C:\Users\Tashii\Downloads\FRST64(1).exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-18] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKU\S-1-5-21-2167489817-2047180528-57149990-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-2167489817-2047180528-57149990-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}Tcpip\Parameters: [DhcpNameServer] 192.168.1.1StartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF ProfilePath: C:\Users\Tashii\AppData\Roaming\Mozilla\Firefox\Profiles\joza565k.defaultFF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=FF SelectedSearchEngine: YahooFF Homepage: hxxp://www.yahoo.com/?ilc=8FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mkg030&p=FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-2167489817-2047180528-57149990-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll ( ROBLOX Corporation)Chrome:=======CHR Profile: C:\Users\Tashii\AppData\Local\Google\Chrome\User Data\Default==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-15 13:25 - 2015-02-15 13:25 - 02085888 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64(1).exe2015-02-15 09:56 - 2015-02-15 09:58 - 00000000 ____D () C:\AdwCleaner2015-02-15 09:55 - 2015-02-15 09:55 - 02112512 _____ () C:\Users\Tashii\Downloads\AdwCleaner.exe2015-02-13 03:57 - 2015-02-13 03:57 - 00001146 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk2015-02-13 03:57 - 2015-02-13 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger2015-02-13 03:56 - 2015-02-13 03:56 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us(2).exe2015-02-13 02:22 - 2015-02-13 02:23 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Yahoo!2015-02-13 02:22 - 2015-02-13 02:22 - 00000000 ____D () C:\ProgramData\Yahoo!2015-02-13 02:20 - 2015-02-13 02:22 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2015-02-13 02:20 - 2015-02-13 02:20 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us.exe2015-02-13 02:20 - 2015-02-13 02:20 - 00691576 _____ (Yahoo! Inc.) C:\Users\Tashii\Downloads\msgr11us(1).exe2015-02-13 01:12 - 2015-02-15 13:24 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-13 01:12 - 2015-02-13 01:12 - 00000974 _____ () C:\Users\Public\Desktop\Steam.lnk2015-02-13 01:12 - 2015-02-13 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2015-02-13 01:11 - 2015-02-13 01:11 - 01142128 _____ () C:\Users\Tashii\Downloads\SteamSetup.exe2015-02-12 03:18 - 2015-02-12 03:18 - 00031446 _____ () C:\Users\Tashii\Desktop\FRST.txt2015-02-12 03:18 - 2015-02-12 03:18 - 00023660 _____ () C:\Users\Tashii\Desktop\Addition.txt2015-02-12 03:17 - 2015-02-12 03:17 - 00023660 _____ () C:\Users\Tashii\Downloads\Addition.txt2015-02-12 03:16 - 2015-02-15 13:26 - 00014271 _____ () C:\Users\Tashii\Downloads\FRST.txt2015-02-12 03:16 - 2015-02-15 13:26 - 00000000 ____D () C:\FRST2015-02-12 03:16 - 2015-02-12 03:16 - 02134016 _____ (Farbar) C:\Users\Tashii\Downloads\FRST64.exe2015-02-08 02:27 - 2015-02-08 02:27 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-02-08 02:27 - 2015-02-08 02:27 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Mozilla2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Mozilla2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\ProgramData\Mozilla2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-02-08 02:27 - 2015-02-08 02:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-02-08 02:23 - 2015-02-08 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-02-08 02:22 - 2015-02-08 02:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mbar2015-02-08 02:21 - 2015-02-08 02:21 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Tashii\Downloads\mbar-1.08.3.1004.exe2015-02-07 10:29 - 2015-02-07 10:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4F8A743F.sys2015-02-07 02:50 - 2015-02-07 02:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tashii\Downloads\mbam-clean-2.1.1.1001.exe2015-02-07 02:27 - 2015-02-15 13:09 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-07 02:26 - 2015-02-08 02:22 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-02-07 02:26 - 2015-02-07 02:26 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-07 02:26 - 2014-11-21 09:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-02-07 02:26 - 2014-11-21 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-02-05 23:23 - 2015-02-05 23:23 - 00001090 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\ProgramData\Licenses2015-02-05 23:23 - 2015-02-05 23:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2015-02-05 23:23 - 2011-11-04 08:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX2015-02-05 23:23 - 2009-03-24 15:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL2015-02-05 19:06 - 2015-02-13 02:22 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Google2015-02-05 18:57 - 2015-02-05 18:57 - 00000000 ____D () C:\Users\Tashii\AppData\Local\10128903282015-02-05 18:49 - 2015-02-05 18:49 - 00000000 ____D () C:\Users\Tashii\AppData\Local\10124302342015-02-05 18:48 - 2015-02-05 18:48 - 00000000 ____D () C:\ProgramData\COMODO2015-02-05 18:47 - 2015-02-05 18:47 - 00000000 ____D () C:\Program Files\COMODO2015-02-05 18:46 - 2015-02-05 18:46 - 536870912 _____ () C:\Users\Tashii\Downloads\3DS0961 - Tomodachi Life.3ds2015-02-05 18:46 - 2015-02-05 18:46 - 00000000 ____D () C:\ProgramData\Unchecky2015-02-05 18:43 - 2015-02-05 18:43 - 00000000 ____D () C:\ProgramData\{0D90E553-5D12-34D5-EC94-44573C1697D9}2015-02-02 18:24 - 2015-02-02 18:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Rovio2015-02-02 14:29 - 2015-02-02 14:29 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\WebApp2015-01-31 08:24 - 2015-02-02 13:44 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\CyberLink2015-01-31 08:24 - 2015-02-02 13:44 - 00000000 ____D () C:\Users\Tashii\AppData\Local\CyberLink2015-01-26 21:07 - 2015-02-12 18:18 - 00001361 _____ () C:\Users\Tashii\Desktop\ROBLOX Player.lnk2015-01-26 21:06 - 2015-02-12 18:18 - 00001180 _____ () C:\Users\Tashii\Desktop\ROBLOX Studio.lnk2015-01-26 21:06 - 2015-02-12 18:18 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-01-26 21:06 - 2015-01-26 22:01 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Roblox2015-01-25 10:10 - 2015-02-12 01:04 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\.minecraft2015-01-25 10:10 - 2015-01-25 10:10 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\java2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Sun2015-01-25 10:10 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-01-25 10:09 - 2015-01-25 10:10 - 00000000 ____D () C:\ProgramData\Oracle2015-01-25 10:09 - 2015-01-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-25 02:30 - 2015-01-25 10:26 - 00000000 ____D () C:\Windows.old2015-01-25 02:30 - 2015-01-25 02:30 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff2015-01-25 02:19 - 2015-01-25 08:31 - 00000000 ___HD () C:\$SysReset2015-01-25 02:19 - 2015-01-25 02:19 - 00000000 ____D () C:\$WINDOWS.~BT2015-01-25 01:32 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2015-01-25 01:32 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2015-01-25 01:32 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2015-01-25 01:32 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2015-01-25 01:32 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2015-01-25 01:32 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2015-01-25 01:32 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2015-01-25 01:32 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2015-01-25 01:32 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2015-01-25 01:32 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2015-01-25 01:32 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2015-01-25 01:32 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2015-01-25 01:32 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2015-01-25 01:32 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2015-01-25 01:32 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2015-01-25 01:32 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2015-01-25 01:31 - 2015-02-15 13:19 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2167489817-2047180528-57149990-10012015-01-25 01:25 - 2015-01-25 01:25 - 00001441 _____ () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Power2Go2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Lenovo2015-01-25 01:25 - 2015-01-25 01:25 - 00000000 ____D () C:\ProgramData\eBay2015-01-25 01:24 - 2015-01-25 01:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Macromedia2015-01-25 01:24 - 2015-01-25 01:24 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Adobe2015-01-25 01:23 - 2015-02-13 02:22 - 00000000 ____D () C:\Users\Tashii\AppData\Local\VirtualStore2015-01-25 01:23 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii\AppData\Local\Packages2015-01-25 01:23 - 2015-01-25 01:23 - 00000020 ___SH () C:\Users\Tashii\ntuser.ini2015-01-24 23:32 - 2015-01-25 01:25 - 00000000 ____D () C:\Users\Tashii2015-01-24 23:32 - 2015-01-24 23:32 - 00017148 _____ () C:\WINDOWS\diagwrn.xml2015-01-24 23:32 - 2015-01-24 23:32 - 00017148 _____ () C:\WINDOWS\diagerr.xml2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2015-01-24 23:32 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\Tashii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-01-23 19:58 - 2015-01-23 19:58 - 05040384 _____ (AVAST Software) C:\Users\Tashii\Downloads\avastclear.exe2015-01-21 19:40 - 2015-01-21 19:40 - 74696576 _____ (Adobe Systems Incorporated) C:\Users\Tashii\Downloads\AdbeRdr11007_en_US.exe2015-01-21 19:35 - 2015-01-21 19:36 - 132469808 _____ (AVAST Software) C:\Users\Tashii\Downloads\avast_free_antivirus_setup.exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-02-15 13:10 - 2012-07-26 02:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-02-15 10:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-15 09:59 - 2012-10-09 18:08 - 00025282 _____ () C:\WINDOWS\PFRO.log2015-02-15 09:59 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\Registration2015-02-15 09:59 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-15 09:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-15 09:58 - 2013-05-14 00:29 - 00000000 ____D () C:\Program Files (x86)\Amazon2015-02-15 09:52 - 2013-08-18 12:38 - 00000220 _____ () C:\Users\Tashii\Desktop\Garry's Mod.url2015-02-15 09:23 - 2013-05-13 23:53 - 01650559 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-13 23:29 - 2013-08-18 06:56 - 00000219 _____ () C:\Users\Tashii\Desktop\Team Fortress 2.url2015-02-13 18:51 - 2015-01-05 19:34 - 00000000 ____D () C:\Users\Tashii\Desktop\mama pict2015-02-13 18:47 - 2014-11-22 21:04 - 00000000 ____D () C:\Users\Tashii\Desktop\house2015-02-10 03:21 - 2013-08-17 12:47 - 00300032 ___SH () C:\Users\Tashii\Downloads\Thumbs.db2015-02-07 02:40 - 2014-03-09 08:35 - 00440320 ___SH () C:\Users\Tashii\Desktop\Thumbs.db2015-02-07 02:35 - 2013-05-14 00:19 - 00000000 ____D () C:\ProgramData\McAfee2015-02-07 02:34 - 2013-05-14 00:22 - 00000000 ____D () C:\ProgramData\Temp2015-02-06 23:38 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP2015-02-05 23:28 - 2013-05-14 00:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-02-05 23:19 - 2013-05-14 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo2015-02-05 23:19 - 2013-05-14 00:21 - 00000000 ____D () C:\Program Files\Lenovo2015-02-05 23:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2015-02-02 13:44 - 2013-05-14 00:26 - 00000000 ____D () C:\ProgramData\CyberLink2015-01-31 08:26 - 2013-08-19 22:45 - 00000000 ____D () C:\Users\Tashii\Documents\Youcam2015-01-27 15:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent2015-01-26 17:21 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-25 20:15 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-25 08:41 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache2015-01-25 02:30 - 2012-07-26 03:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template2015-01-25 01:35 - 2013-05-14 00:08 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-01-25 01:25 - 2013-05-14 01:32 - 00067521 _____ () C:\WINDOWS\modules.log2015-01-25 01:23 - 2012-10-09 19:08 - 00000000 ___DC () C:\WINDOWS\Panther2015-01-25 01:23 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2015-01-25 01:23 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore2015-01-24 23:32 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries2015-01-24 23:32 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery2015-01-24 23:32 - 2012-07-26 02:21 - 00025365 _____ () C:\WINDOWS\setupact.log==================== Files in the root of some directories =======2013-05-14 00:07 - 2013-05-14 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2013-05-14 00:11 - 2013-05-14 00:11 - 0000198 ____H () C:\ProgramData\Lenovo-6892.vbs2013-05-14 00:11 - 2013-05-14 00:11 - 0000198 ____H () C:\ProgramData\Lenovo-6963.vbsFiles to move or delete:====================C:\ProgramData\Lenovo-6892.vbsC:\ProgramData\Lenovo-6963.vbsSome content of TEMP:====================C:\Users\Tashii\AppData\Local\Temp\0004.exeC:\Users\Tashii\AppData\Local\Temp\APNSetup.exeC:\Users\Tashii\AppData\Local\Temp\BNKStubSetup.exeC:\Users\Tashii\AppData\Local\Temp\CloudBackup5135.exeC:\Users\Tashii\AppData\Local\Temp\COMAP.EXEC:\Users\Tashii\AppData\Local\Temp\optprosetup.exeC:\Users\Tashii\AppData\Local\Temp\Quarantine.exeC:\Users\Tashii\AppData\Local\Temp\sqlite3.dllC:\Users\Tashii\AppData\Local\Temp\vcredist_x64.exeC:\Users\Tashii\AppData\Local\Temp\_is2159.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-02-13 11:05==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Mongler Posted February 15, 2015 Author ID:939905 Share Posted February 15, 2015 And here's the addition, thanks!: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015Ran by Tashii at 2015-02-15 13:26:57Running from C:\Users\Tashii\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) HiddenDolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) HiddenENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) HiddenFinding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) HiddenFruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) HiddenGamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.44180 - Lenovo)Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.44180 - Lenovo)Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) HiddenLenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) HiddenLenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) HiddenLenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) HiddenLenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.75 - Lenovo)LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) HiddenMatching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) HiddenMicrosoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) HiddenRealtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)ROBLOX Player for Tashii (HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) HiddenYahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-2167489817-2047180528-57149990-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Tashii\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\RobloxProxy64.dll (ROBLOX Corporation)==================== Restore Points =========================26-01-2015 17:20:51 Windows Modules Installer02-02-2015 15:35:50 Installed Star Wars®: Knights of the Old Republic 05-02-2015 23:19:12 Removed AngryBirds08-02-2015 02:54:00 Removed Nitro Pro 8==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2012-07-26 00:26 - 2015-02-05 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {3356652B-4BDD-4D2B-BE3D-2CB49F07009E} - System32\Tasks\Lenovo\Lenovo-6963 => C:\ProgramData\Lenovo-6963.vbs [2013-05-14] ()Task: {80E88A19-0124-4612-A4F5-73CFCA0E7CD8} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: {BCC31C18-3A58-4956-AD75-FF5634BA9F08} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {DA2DA31D-791F-4725-8889-C99E81CCC96E} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)Task: {DE898A1A-8A7E-443E-A38E-EA7B60C7D5C0} - System32\Tasks\Lenovo\Lenovo-6892 => C:\ProgramData\Lenovo-6892.vbs [2013-05-14] ()==================== Loaded Modules (whitelisted) ==============2013-05-14 00:07 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe2013-05-14 00:45 - 2013-01-02 14:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2013-01-30 03:00 - 2013-01-15 23:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-05-14 00:07 - 2011-05-17 15:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe2013-05-14 00:04 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2015-02-13 01:13 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2015-02-13 01:13 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2015-02-13 01:13 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2015-02-13 01:13 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2015-02-13 01:13 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-02-13 01:13 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll2015-02-13 01:13 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll2015-02-13 01:13 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-02-13 01:13 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll2015-02-13 01:13 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2015-02-13 01:13 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-05-14 00:07 - 2011-05-17 15:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll2009-12-04 18:59 - 2009-12-04 18:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll2009-12-04 19:04 - 2009-12-04 19:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll2015-02-13 02:22 - 2012-05-25 07:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll2015-02-13 01:13 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2015-02-08 02:27 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\Temp:5C321E34==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-2167489817-2047180528-57149990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tashii\Desktop\Deadpool.jpgDNS Servers: 192.168.1.1==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run32: => "tvncontrol"HKLM\...\StartupApproved\Run32: => "mcpltui_exe"HKLM\...\StartupApproved\Run32: => "mcui_exe"HKU\S-1-5-21-2167489817-2047180528-57149990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1F05FDA8EA53BF2FA9F0AADD4CAA6871"==================== Accounts: =============================Administrator (S-1-5-21-2167489817-2047180528-57149990-500 - Administrator - Disabled) => C:\Users\AdministratorGuest (S-1-5-21-2167489817-2047180528-57149990-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2167489817-2047180528-57149990-1005 - Limited - Enabled)Tashii (S-1-5-21-2167489817-2047180528-57149990-1001 - Administrator - Enabled) => C:\Users\Tashii==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (02/14/2015 09:23:43 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (3616) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/14/2015 10:07:56 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (3760) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/13/2015 11:03:01 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (4516) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/13/2015 10:57:45 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (4740) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/10/2015 02:32:25 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (2032) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/08/2015 11:57:34 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (2200) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/08/2015 05:17:12 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex (1352) An attempt to open the file "C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).Error: (02/07/2015 03:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.System errors:=============Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The IdeaTouch.LocalDataServer.Game service terminated unexpectedly. It has done this 1 time(s).Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The IdeaTouch.LocalDataServer.Education service terminated unexpectedly. It has done this 1 time(s).Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intelli Term 1.10.0.8 Client Service service terminated unexpectedly. It has done this 1 time(s).Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (02/15/2015 09:58:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly. It has done this 1 time(s).Microsoft Office Sessions:=========================Error: (02/14/2015 09:23:43 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex3616C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/14/2015 10:07:56 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex3760C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/13/2015 11:03:01 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex4516C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/13/2015 10:57:45 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex4740C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/10/2015 02:32:25 AM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex2032C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/08/2015 11:57:34 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex2200C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/08/2015 05:17:12 PM) (Source: ESENT) (EventID: 489) (User: )Description: taskhostex1352C:\Users\Tashii\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.Error: (02/07/2015 03:02:00 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: 0x8898008dError: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141Error: (02/06/2015 11:33:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TashiiPC)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141CodeIntegrity Errors:=================================== Date: 2015-02-13 18:36:21.607 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 18:35:01.088 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 18:32:59.916 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 18:32:48.503 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 18:32:48.440 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 04:02:38.229 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 03:59:53.350 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 03:59:06.964 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 03:59:05.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-31 08:24:40.179 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Core i3-3240 CPU @ 3.40GHzPercentage of memory in use: 38%Total physical RAM: 3992.27 MBAvailable physical RAM: 2446.84 MBTotal Pagefile: 4696.27 MBAvailable Pagefile: 2933.11 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB==================== Drives ================================Drive c: (Windows8_OS) (Fixed) (Total:904.81 GB) (Free:716.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (NEW) (CDROM) (Total:3.2 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: AF3253D7)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted February 15, 2015 ID:939911 Share Posted February 15, 2015 Let's do a final check up: Step 1 Please downloadOnline Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Choose the following settings:Click on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log fileis created at Copy and paste the content of this log file in your next reply. Note: Do not forget to re-enable your antivirus application after running the above scan! Can you please tell me which problems still persist now? How is the computer running? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 19, 2015 Root Admin ID:940931 Share Posted February 19, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts