TechSpot

Infected after installing a bogus adblocker; can't run DDS (Step 3)

By losdavos
Dec 15, 2014
  1. Hi, I'm back after another stupid mistake.

    For some reason I can't provide my DDS log (Step 3 of the 4 Steps); it keeps telling me "DDS is not meant to run in Compatibility Mode" and just terminates. But here is my MBAM log. As always, thanks in advance.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/15/2014
    Scan Time: 5:58:00 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.15.05
    Rootkit Database: v2014.12.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: David

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 421432
    Time Elapsed: 8 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 1
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\yXfPaIT.exe, 2800, No Action By User, [56c7bda6a2da41f56ef983507d84e818]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.WebGuard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yXfPaIT, No Action By User, [56c7bda6a2da41f56ef983507d84e818],
    PUP.Optional.WebGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebGuard, No Action By User, [27f6a7bc16667cba93d4a033ee136799],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, No Action By User, [be5f2a3982fad75f8ae404c9ac587e82],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, No Action By User, [8a93f56ee6963df91d50438ab05442be],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 7
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard, No Action By User, [ae6fb7ac2755a195ea9bd885897a1ae6],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, No Action By User, [bb625e05037949edee05c66e9a694eb2],

    Files: 22
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\yXfPaIT.exe, No Action By User, [56c7bda6a2da41f56ef983507d84e818],
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\dVzZUYtqv.exe, No Action By User, [100d441f2c50d165e0879e3550b1817f],
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\MOltbb.exe, No Action By User, [c558451e7309e3535017c01354adfe02],
    PUP.Optional.WebGuard.A, C:\ProgramData\WebGuard\uninstall.exe, No Action By User, [27f6a7bc16667cba93d4a033ee136799],
    PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, No Action By User, [bd60382b156788aec061e3c7b34e40c0],
    PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, No Action By User, [6db081e28bf1bb7b150c2c7e0ff27e82],
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard\data2.dat, No Action By User, [ae6fb7ac2755a195ea9bd885897a1ae6],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, No Action By User, [9e7f9ac947353afc82d971fe8083a15f],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, No Action By User, [6cb1075c18642c0a3c1fabc429da37c9],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\ContentExplorer.exe, No Action By User, [05184b180a72db5b7a187d085ba833cd],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\RootCert.cer, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\loader.dat, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\makecert.exe, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\storage.bin, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\uninstall.exe, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, No Action By User, [fc21ff64a8d453e394ddf8d56b996f91],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, No Action By User, [bb625e05037949edee05c66e9a694eb2],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, No Action By User, [bb625e05037949edee05c66e9a694eb2],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Ok about to do the restore point and the Malwarebytes Anti-Rootkit, but before that, here's my Roguekiller log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/15/2014
    Scan Time: 5:58:00 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.15.05
    Rootkit Database: v2014.12.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: David

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 421432
    Time Elapsed: 8 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 1
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\yXfPaIT.exe, 2800, No Action By User, [56c7bda6a2da41f56ef983507d84e818]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.WebGuard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yXfPaIT, No Action By User, [56c7bda6a2da41f56ef983507d84e818],
    PUP.Optional.WebGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebGuard, No Action By User, [27f6a7bc16667cba93d4a033ee136799],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, No Action By User, [be5f2a3982fad75f8ae404c9ac587e82],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, No Action By User, [8a93f56ee6963df91d50438ab05442be],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 7
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard, No Action By User, [ae6fb7ac2755a195ea9bd885897a1ae6],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, No Action By User, [bb625e05037949edee05c66e9a694eb2],

    Files: 22
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\yXfPaIT.exe, No Action By User, [56c7bda6a2da41f56ef983507d84e818],
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\dVzZUYtqv.exe, No Action By User, [100d441f2c50d165e0879e3550b1817f],
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\MOltbb.exe, No Action By User, [c558451e7309e3535017c01354adfe02],
    PUP.Optional.WebGuard.A, C:\ProgramData\WebGuard\uninstall.exe, No Action By User, [27f6a7bc16667cba93d4a033ee136799],
    PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, No Action By User, [bd60382b156788aec061e3c7b34e40c0],
    PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, No Action By User, [6db081e28bf1bb7b150c2c7e0ff27e82],
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard\data2.dat, No Action By User, [ae6fb7ac2755a195ea9bd885897a1ae6],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, No Action By User, [9e7f9ac947353afc82d971fe8083a15f],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, No Action By User, [6cb1075c18642c0a3c1fabc429da37c9],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\ContentExplorer.exe, No Action By User, [05184b180a72db5b7a187d085ba833cd],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\RootCert.cer, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\loader.dat, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\makecert.exe, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\storage.bin, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\uninstall.exe, No Action By User, [fd20d48f2458f541048fe3a2eb18f50b],
    PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, No Action By User, [fc21ff64a8d453e394ddf8d56b996f91],
    PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, No Action By User, [a9740d56ea92ea4c9c0a73bf000353ad],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Extutil.A, C:\Users\David\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, No Action By User, [e53893d0bebe31050ee4f14312f16a96],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, No Action By User, [bb625e05037949edee05c66e9a694eb2],
    PUP.Optional.Managera.A, C:\Users\David\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, No Action By User, [bb625e05037949edee05c66e9a694eb2],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You posted MBAM log again instead of RogueKiller log.
     
  5. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    MBAR didn't find anything, so here's system-log.txt alone:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17498

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.295000 GHz
    Memory total: 4202979328, free: 882552832

    Downloaded database version: v2014.12.15.06
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17498

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.295000 GHz
    Memory total: 4202979328, free: 903819264

    =======================================
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17498

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.295000 GHz
    Memory total: 4202979328, free: 1007091712

    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/15/2014 19:25:05
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\werkernel.sys
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\System32\drivers\EhStorClass.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Wof.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\intelpep.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ahcache.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\DptfDevProc.sys
    \SystemRoot\System32\drivers\USBXHCI.SYS
    \SystemRoot\System32\drivers\ucx01000.sys
    \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
    \SystemRoot\system32\DRIVERS\NETwbw02.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\CmBatt.sys
    \SystemRoot\System32\drivers\BATTC.SYS
    \SystemRoot\System32\drivers\AcpiVpc.sys
    \SystemRoot\System32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\ikbevent.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\imsevent.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
    \SystemRoot\system32\DRIVERS\DptfDevPch.sys
    \SystemRoot\System32\drivers\msgpiowin32.sys
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\system32\DRIVERS\DptfManager.sys
    \SystemRoot\System32\drivers\ISCTD64.sys
    \SystemRoot\System32\drivers\NdisVirtualBus.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\iwdbus.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\drivers\UsbHub3.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\system32\DRIVERS\ibtusb.sys
    \SystemRoot\system32\DRIVERS\btmhsf.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\rtsuvc.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\drivers\BthLEEnum.sys
    \SystemRoot\System32\drivers\rfcomm.sys
    \SystemRoot\System32\drivers\BthEnum.sys
    \SystemRoot\System32\drivers\bthpan.sys
    \SystemRoot\system32\drivers\BthA2DP.sys
    \SystemRoot\system32\drivers\btampm.sys
    \SystemRoot\System32\drivers\BthAvrcpTg.sys
    \SystemRoot\System32\drivers\bthhfenum.sys
    \SystemRoot\system32\DRIVERS\btmaux.sys
    \SystemRoot\system32\DRIVERS\BthHfAud.sys
    \SystemRoot\System32\drivers\BthHFHid.sys
    \SystemRoot\System32\drivers\mshidkmdf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \??\C:\windows\System32\Drivers\INETMON.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\System32\drivers\WUDFRd.sys
    \SystemRoot\System32\drivers\mshidumdf.sys
    \??\C:\windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\aswStm.sys
    \SystemRoot\System32\drivers\monitor.sys
    \??\C:\windows\system32\drivers\mwac.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffe0006a8c0770
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000032\
    Lower Device Object: 0xffffe00068ada060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe0006a8c0770, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe0006a8c0230, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe0006a8c0770, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe00068adac40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe00068ada060, DeviceName: \Device\00000032\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpials.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpials.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthA2DP.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthA2DP.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthHfAud.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthHfAud.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 15E2FFF3

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1882524988
    GPT Header CurrentLba = 1 BackupLba 250069679
    GPT Header FirstUsableLba 34 LastUsableLba 250069646
    GPT Header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1882524988
    Backup GPT header CurrentLba = 250069679 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 250069646
    Backup GPT header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
    Backup GPT header Contains 128 partition entries starting at LBA 250069647
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2401c6a0-e1da-4784-b77e-b52034cfb7
    FirstLBA 2048 Last LBA 2050047
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 247497fe-63d2-4101-b15b-b365933ef47a
    FirstLBA 2050048 Last LBA 2582527
    Attributes 1
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 485dbef6-9c0d-4489-975f-5666aae2a1e
    FirstLBA 2582528 Last LBA 4630527
    Attributes 1
    Partition Name Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2b612072-1f29-4266-ad55-7938cda2985b
    FirstLBA 4630528 Last LBA 4892671
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4c4d23a1-bd41-474d-9e74-df507f2c802f
    FirstLBA 4892672 Last LBA 217206783
    Attributes 0
    Partition Name Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7f8973bb-836d-4270-9b49-81433120c7bd
    FirstLBA 217206784 Last LBA 225595391
    Attributes 0
    Partition Name Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID cacf430a-569-4f60-8ef4-bcbfff72ea11
    FirstLBA 225595392 Last LBA 250068991
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please read my previous reply.
     
  7. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Sorry about somehow skipping Roguekiller. I couldn't find its report so I ran it again, but the report below is BEFORE I have clicked "delete" this second time around. Let me know if I should click delete and then post the subsequent report.

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : David [Administrator]
    Mode : Scan -- Date : 12/15/2014 20:05:03

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 18 ¤¤¤
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed -> Found
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\yXfPaIT ("C:\ProgramData\cINFpU\yXfPaIT.exe") -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yXfPaIT ("C:\ProgramData\cINFpU\yXfPaIT.exe") -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51756;https=127.0.0.1:51756 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51756;https=127.0.0.1:51756 -> Found
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 [UNITED STATES (US)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 [UNITED STATES (US)] -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 6 (Driver: Not loaded [0x20]) ¤¤¤
    [IAT:Inl] (chrome.exe) KERNEL32.dll - CreateThreadpoolIo : Unknown @ 0x45002760 (jmp 0xffffffffcdb35779|call 0xfffffffffffdc22f)
    [IAT:Inl] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x45024850 (jmp 0xffffffffcee8a0da)
    [IAT:Inl] (chrome.exe) WS2_32.dll - WSARecv : Unknown @ 0x45025620 (jmp 0xffffffffcee8eabb)
    [IAT:Inl] (iexplore.exe) KERNEL32.dll - CreateThreadpoolIo : Unknown @ 0x45002760 (jmp 0xffffffffcdb35779|call 0xfffffffffffdc22f)
    [IAT:Inl] (iexplore.exe) WS2_32.dll - WSAGetOverlappedResult : Unknown @ 0x45025e30 (jmp 0xffffffffcee8509e)
    [IAT:Inl] (iexplore.exe) WS2_32.dll - WSARecv : Unknown @ 0x45025620 (jmp 0xffffffffcee8eabb)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MZMPC128HBFU-000L1 +++++
    --- User ---
    [MBR] bcd0f1149c190a550956e6d8f1fc3115
    [BSP] f108b737926102ae2a376be190d80d96 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_08182014_232533.log - RKreport_DEL_12152014_191011.log - RKreport_SCN_08182014_232526.log - RKreport_SCN_12152014_190941.log
     
  8. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    I just edited my last reply a little, for clarity.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  10. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    I'll post all three reports you've asked for each in its own post. Here's ADW:

    # AdwCleaner v4.105 - Report created 15/12/2014 at 21:17:48
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-13.4 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : David - YOGA2PRO-SILVER
    # Running from : C:\Users\David\Desktop\adwcleaner_4.105(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\David\AppData\Local\SearchProtect
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)


    -\\ Google Chrome v39.0.2171.95


    *************************

    AdwCleaner[R0].txt - [1525 octets] - [14/11/2014 00:10:49]
    AdwCleaner[R1].txt - [4926 octets] - [15/12/2014 16:04:31]
    AdwCleaner[R2].txt - [1343 octets] - [15/12/2014 21:16:14]
    AdwCleaner[S0].txt - [1600 octets] - [14/11/2014 00:13:19]
    AdwCleaner[S1].txt - [4647 octets] - [15/12/2014 16:06:14]
    AdwCleaner[S2].txt - [1270 octets] - [15/12/2014 21:17:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1330 octets] ##########
     
  11. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 8.1 x64
    Ran by David on Mon 12/15/2014 at 21:24:13.31
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\re8nxqow.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/15/2014 at 21:34:15.94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
    Ran by David (administrator) on YOGA2PRO-SILVER on 15-12-2014 21:38:12
    Running from C:\Users\David\Desktop
    Loaded Profile: David (Available profiles: David & William & Minhee)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    (Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
    () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
    (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Thisisu) C:\Users\David\Desktop\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-12-05] (Lenovo)
    HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-12-05] ()
    HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2014-03-07] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-05] (Lenovo(beijing) Limited)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
    HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-12-27] (Absolute Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-09] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [DragonAssistant] => "C:\Program Files (x86)\Nuance\Dragon Assistant\Application\DragonAssistant.exe"
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5709000 2014-11-04] (Daum Kakao Corp. )
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-29] (Google Inc.)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-22] (Spotify Ltd)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\RunOnce: [Adobe Speed Launcher] => 1418697103
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\MountPoints2: {3bcebf4d-3214-11e4-8267-5c514f9413ed} - "E:\Msetup4.exe"
    HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-877737628-3122474596-3873684844-1001] => http=127.0.0.1:51756;https=127.0.0.1:51756
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKU\S-1-5-21-877737628-3122474596-3873684844-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: WOT - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-08-28]
    FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-07]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]
    FF Extension: No Name - wrc@avast.com [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=", "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4987-8F77-5ACA6F7FAF1C&q={searchTerms}&SSPV=
    CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3...BDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SAT=CNTS
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Shops Away Mile Finder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpncogdobljmbcakekkomnonldehlhn [2014-08-31]
    CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
    CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-25]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-25]
    CHR Extension: (WOT) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-08-25]
    CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-25]
    CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-25]
    CHR Extension: (Google News) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-08-31]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2014-08-31]
    CHR Extension: (NYTimes) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-08-31]
    CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-31]
    CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-03]
    CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-25]
    CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-09-29]
    CHR Extension: (Hangouts) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-10-29]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
    CHR Extension: (Lego Builder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2014-08-31]
    CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]
    CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-25]
    CHR HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-12-27] (Absolute Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
    R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [447888 2013-12-10] (Nuance Communications, Inc.)
    R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2013-12-17] (Nuance Communications, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
    R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-12-05] (Lenovo)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
    R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
    R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-12-05] (Lenovo)
    S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-12-05] (Lenovo)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-05] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-12-05] (Lenovo)
    S2 yXfPaIT; "C:\ProgramData\cINFpU\yXfPaIT.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-09] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-09] ()
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
    S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-09] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
    R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-15] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-15] ()
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-18] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 21:38 - 2014-12-15 21:38 - 00030057 _____ () C:\Users\David\Desktop\FRST.txt
    2014-12-15 21:38 - 2014-12-15 21:38 - 00000000 ____D () C:\FRST
    2014-12-15 21:35 - 2014-12-15 21:36 - 02119168 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-12-15 21:34 - 2014-12-15 21:34 - 00000753 _____ () C:\Users\David\Desktop\JRT.txt
    2014-12-15 21:22 - 2014-12-15 21:22 - 01707646 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
    2014-12-15 21:19 - 2014-12-15 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2014-12-15 21:14 - 2014-12-15 21:14 - 02166272 _____ () C:\Users\David\Desktop\adwcleaner_4.105(1).exe
    2014-12-15 19:18 - 2014-12-15 20:00 - 00000000 ____D () C:\Users\David\Desktop\mbar
    2014-12-15 19:17 - 2014-12-15 19:17 - 16448208 _____ (Malwarebytes Corp.) C:\Users\David\Downloads\mbar-1.08.2.1001.exe
    2014-12-15 19:10 - 2014-12-15 19:10 - 00005668 _____ () C:\Users\David\Desktop\RKreport_DEL_12152014_191011.log
    2014-12-15 19:06 - 2014-12-15 19:06 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-12-15 19:03 - 2014-12-15 19:03 - 15201368 _____ () C:\Users\David\Downloads\RogueKiller.exe
    2014-12-15 18:10 - 2014-12-15 18:10 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
    2014-12-15 18:09 - 2014-12-15 18:09 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com
    2014-12-15 18:06 - 2014-12-15 18:06 - 00006052 _____ () C:\Users\David\Desktop\mbam.txt
    2014-12-15 16:04 - 2014-12-15 16:04 - 02166272 _____ () C:\Users\David\Downloads\adwcleaner_4.105.exe
    2014-12-15 16:02 - 2014-12-15 16:02 - 00000000 ____D () C:\Users\David\AppData\Local\wincheck
    2014-12-15 15:57 - 2014-12-15 20:05 - 00000000 ____D () C:\Users\David\AppData\Local\WebGuard
    2014-12-15 15:57 - 2014-12-15 15:57 - 00000000 ____D () C:\Users\David\AppData\Roaming\ContentExplorer
    2014-12-15 15:56 - 2014-12-15 19:08 - 00000000 ____D () C:\ProgramData\cINFpU
    2014-12-15 15:56 - 2014-12-15 15:57 - 00000000 ____D () C:\ProgramData\WebGuard
    2014-12-15 15:56 - 2014-12-15 15:56 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
    2014-12-11 23:53 - 2014-12-11 23:54 - 00000000 ____D () C:\Users\David\Downloads\short_story_044_1007_librivox
    2014-12-11 23:48 - 2014-12-11 23:53 - 26581174 _____ () C:\Users\David\Downloads\short_story_044_1007_librivox.zip
    2014-12-10 01:20 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-10 01:20 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-10 01:20 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-10 01:20 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2014-12-10 01:20 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-10 01:20 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-12-10 01:20 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-10 01:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-10 01:20 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-10 01:20 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-10 01:20 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2014-12-10 01:20 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2014-12-10 01:20 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-10 01:20 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-10 01:20 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-10 01:20 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2014-12-10 01:20 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-12-10 01:20 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2014-12-10 01:20 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-10 01:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-10 01:20 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-10 01:20 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-10 01:20 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-10 01:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-10 01:20 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2014-12-10 01:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-10 01:20 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-10 01:20 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2014-12-10 01:20 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-10 01:20 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2014-12-10 01:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-10 01:20 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-10 01:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-10 01:20 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-10 01:20 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-10 01:20 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-10 01:20 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-10 01:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-10 01:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-10 01:20 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-10 01:20 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 01:20 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
    2014-12-10 01:20 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
    2014-12-10 01:20 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
    2014-12-10 01:20 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
    2014-12-09 08:05 - 2014-12-09 08:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-02 12:50 - 2014-12-02 12:50 - 00000000 ____D () C:\Users\David\Documents\My Received Files
    2014-12-02 11:00 - 2014-12-02 11:00 - 05025280 _____ () C:\Users\David\Downloads\rpvoip.msi
    2014-11-23 01:46 - 2014-11-23 01:46 - 00001443 _____ () C:\Users\Public\Desktop\BB FlashBack Express Recorder.lnk
    2014-11-23 01:46 - 2014-11-23 01:46 - 00001433 _____ () C:\Users\Public\Desktop\BB FlashBack Express Player.lnk
    2014-11-23 01:42 - 2014-11-23 01:42 - 00000000 ____D () C:\Users\David\Documents\BB FlashBack Express 5 Updates
    2014-11-22 15:28 - 2014-11-22 15:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Spotify
    2014-11-22 15:28 - 2014-11-22 15:28 - 00001870 _____ () C:\Users\David\Desktop\Spotify.lnk
    2014-11-22 15:28 - 2014-11-22 15:28 - 00001856 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2014-11-22 15:28 - 2014-11-22 15:28 - 00000000 ____D () C:\Users\David\AppData\Local\Spotify
    2014-11-22 15:26 - 2014-11-22 15:26 - 00137888 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup(2).exe
    2014-11-22 15:25 - 2014-11-22 15:25 - 00137888 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup.exe
    2014-11-22 15:25 - 2014-11-22 15:25 - 00137888 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup(1).exe
    2014-11-20 20:13 - 2014-11-20 20:13 - 00410308 _____ () C:\Users\David\Downloads\washington_portrait-P.jpeg
    2014-11-20 19:37 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-20 19:37 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-20 19:37 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2014-11-20 19:37 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2014-11-17 17:18 - 2014-11-17 17:18 - 05612685 _____ () C:\Users\David\Documents\Interviewing Essentials - Power Point 5-14.ucf
    2014-11-15 14:32 - 2014-11-15 14:32 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieBrowserModeList

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-15 21:31 - 2013-12-05 06:40 - 01611569 _____ () C:\windows\WindowsUpdate.log
    2014-12-15 21:28 - 2014-06-22 09:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-12-15 21:26 - 2014-03-14 00:12 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps
    2014-12-15 21:23 - 2013-08-28 03:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-15 21:20 - 2014-09-06 22:25 - 00000000 ___RD () C:\Users\David\Google Drive
    2014-12-15 21:20 - 2014-03-02 00:25 - 00000000 __RDO () C:\Users\David\SkyDrive
    2014-12-15 21:20 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-12-15 21:18 - 2014-08-09 08:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-15 21:18 - 2014-03-02 02:24 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-15 21:18 - 2013-12-05 06:54 - 00012800 _____ () C:\windows\system32\VfService.trf
    2014-12-15 21:18 - 2013-12-05 06:34 - 00019400 _____ () C:\windows\setupact.log
    2014-12-15 21:18 - 2013-08-28 03:34 - 00042376 _____ () C:\windows\PFRO.log
    2014-12-15 21:18 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-15 21:18 - 2013-08-22 08:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2014-12-15 21:17 - 2014-11-14 00:10 - 00000000 ____D () C:\AdwCleaner
    2014-12-15 21:13 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
    2014-12-15 20:40 - 2014-04-02 19:29 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job
    2014-12-15 20:08 - 2014-10-29 09:58 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA.job
    2014-12-15 20:00 - 2014-08-18 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-15 19:24 - 2014-08-09 08:22 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-15 18:16 - 2014-09-09 06:26 - 00433152 ___SH () C:\Users\David\Desktop\Thumbs.db
    2014-12-15 18:14 - 2014-03-02 01:40 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{FFC35960-518E-4C92-8FFD-0731F1F5D7F6}
    2014-12-15 17:57 - 2014-08-09 08:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-15 17:57 - 2014-08-09 08:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-15 16:27 - 2014-03-02 00:29 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1001
    2014-12-15 16:26 - 2014-11-12 12:46 - 00005002 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for YOGA2PRO-SILVER-David yoga2pro-silver
    2014-12-15 16:13 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\NDF
    2014-12-15 16:08 - 2014-10-29 09:58 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core.job
    2014-12-15 15:56 - 2013-12-05 06:40 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-12-15 08:44 - 2014-09-06 18:56 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
    2014-12-15 08:44 - 2014-06-22 09:07 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-15 08:34 - 2014-04-17 20:04 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-15 05:49 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-12-14 07:22 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
    2014-12-12 17:59 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
    2014-12-12 17:59 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
    2014-12-12 09:36 - 2014-08-25 00:18 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-10 22:20 - 2014-03-07 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-10 22:20 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-10 22:19 - 2014-03-02 10:56 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-10 22:16 - 2014-03-02 10:55 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-03 23:26 - 2014-03-15 20:29 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-12-03 23:26 - 2014-03-15 20:29 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-11-29 15:38 - 2014-03-02 17:28 - 00551936 ___SH () C:\Users\David\Downloads\Thumbs.db
    2014-11-26 16:10 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-26 16:10 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-23 20:23 - 2013-12-05 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2014-11-23 20:22 - 2013-12-05 06:55 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
    2014-11-23 20:21 - 2014-08-09 09:10 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2014-11-23 20:16 - 2014-03-02 00:23 - 00000000 ____D () C:\Users\David
    2014-11-21 06:14 - 2014-08-09 08:22 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-21 06:14 - 2014-08-09 08:22 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-17 17:13 - 2014-11-03 12:25 - 00000000 ____D () C:\ProgramData\WebEx
    2014-11-17 10:57 - 2014-03-02 00:24 - 00000000 ____D () C:\Users\David\AppData\Local\Packages
    2014-11-15 16:03 - 2014-10-29 09:58 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA
    2014-11-15 16:03 - 2014-10-29 09:58 - 00003506 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core

    Some content of TEMP:
    ====================
    C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\David\AppData\Local\Temp\Quarantine.exe
    C:\Users\David\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-06 16:01

    ==================== End Of Log ============================
     
  13. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
    Ran by David at 2014-12-15 21:38:47
    Running from C:\Users\David\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.21 - Absolute Software)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
    Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.0 - Avid Technology, Inc.)
    BB FlashBack Express 5 (HKLM-x32\...\BB FlashBack Express 5) (Version: 5.3.0.3386 - Blueberry)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.0.229 - Nuance Communications Inc.)
    Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.229 - Nuance Communications Inc.)
    Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
    Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    FedEx Office Printer (HKLM-x32\...\{5B9AC19C-8519-43A1-9578-49CDA1366E66}) (Version: 1.0.010 - FedEx Office)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.2.722 - Kakao)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
    Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
    Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
    Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
    Nuance Speech Component DA-C version 1.1.19 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.19 - Nuance Communications, Inc.)
    Nuance Speech Component DA-L en-US version 1.1.5 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
    ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
    ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
    Sibelius 7 First 7.1.3.78 (HKLM\...\0d849438-e498-4416-ace4-fa9880d0efaa_is1) (Version: 7.1.3.78 - Avid)
    Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
    Spotify (HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
    UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
    WebGuard (HKLM-x32\...\WebGuard) (Version: 3.0.21 - Interesting Solutions)
    WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    02-12-2014 13:48:19 Scheduled Checkpoint
    10-12-2014 20:27:04 Windows Update
    15-12-2014 20:56:14 Adblock Plus for IE
    16-12-2014 00:15:41 Broni malware removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {033A02C1-014C-4202-8103-86D2A6718B6B} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-12-05] (Lenovo)
    Task: {0A80FDCB-B601-402E-8B19-548557999C55} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
    Task: {1B7C5AAC-D9A4-41D9-A9A4-79D08E525EE4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {1E40B2F5-C7EB-42F1-8A19-606245570F56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
    Task: {249D7F06-E1AF-4719-A227-4EB26320E2E0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
    Task: {36B88534-E6BB-4510-8E36-F460BE77029E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
    Task: {3C057E06-E4DD-4409-96A4-44B339A5C35E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {48CF73D6-F252-4EFC-8DDB-43D23163DE89} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
    Task: {587918CC-4636-44D0-9F03-C75A846F728A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {672AFC2F-16CF-4E99-872B-2C8932C0C9F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
    Task: {846C82DA-07B2-4723-8CE4-4E8A5234FCBF} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {C90B3147-8656-46A3-848A-028BB706EAE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {D1D6763C-B152-46CB-9F38-8E32572D2348} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)
    Task: {D87A9EE1-2818-4CD9-99E7-BAEC38F683C7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for YOGA2PRO-SILVER-David yoga2pro-silver => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
    Task: {DC996903-9A05-4F5E-A65C-6652A54336EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {E3E03FFF-3E75-4942-8270-13CD073ED0BE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-14 20:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-08-01 20:31 - 2013-08-01 20:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-01 20:31 - 2013-08-01 20:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-01 20:31 - 2013-08-01 20:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2013-12-05 06:53 - 2012-04-24 05:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2013-12-05 06:54 - 2013-12-05 06:54 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2013-12-05 06:54 - 2013-12-05 06:54 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2013-12-05 06:53 - 2013-12-05 06:53 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2013-12-05 06:53 - 2013-12-05 06:53 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    2013-12-05 06:53 - 2013-12-05 06:53 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    2013-12-05 06:53 - 2013-12-05 06:53 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    2014-11-12 12:42 - 2014-11-12 12:42 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-08-09 09:10 - 2014-08-09 09:10 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-12-15 13:55 - 2014-12-15 13:55 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121502\algo.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2014-03-14 00:12 - 2013-12-10 12:52 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2013-12-05 06:53 - 2013-12-05 06:53 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
    2013-12-05 06:53 - 2013-12-05 06:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
    2014-05-21 23:42 - 2014-11-04 13:54 - 00045056 _____ () C:\Program Files (x86)\Kakao\KakaoTalk\LiteUnzip.dll
    2013-12-05 06:53 - 2013-12-05 06:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
    2014-12-15 21:19 - 2014-12-15 21:19 - 00098816 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32api.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00110080 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\pywintypes27.dll
    2014-12-15 21:19 - 2014-12-15 21:19 - 00364544 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\pythoncom27.dll
    2014-12-15 21:19 - 2014-12-15 21:19 - 00045568 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_socket.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 01160704 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_ssl.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00320512 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32com.shell.shell.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00713216 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_hashlib.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 01175040 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._core_.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00805888 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._gdi_.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00811008 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._windows_.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 01062400 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._controls_.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00735232 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._misc_.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00128512 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_elementtree.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00127488 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\pyexpat.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00557056 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\pysqlite2._sqlite.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00087552 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_ctypes.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00119808 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32file.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00108544 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32security.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00007168 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\hashobjs_ext.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00167936 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32gui.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00018432 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32event.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00038912 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32inet.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00011264 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32crypt.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00070656 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._html2.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00027136 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\_multiprocessing.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00035840 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32process.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00686080 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\unicodedata.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00122368 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._wizard.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00024064 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32pipe.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00025600 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32pdh.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00525640 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\windows._lib_cacheinvalidation.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00010240 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\select.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00017408 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32profile.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00022528 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\win32ts.pyd
    2014-12-15 21:19 - 2014-12-15 21:19 - 00078336 _____ () C:\Users\David\AppData\Local\Temp\_MEI62402\wx._animate.pyd
    2014-08-09 09:10 - 2014-08-09 09:10 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-12-05 06:36 - 2013-08-08 15:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-12-09 08:05 - 2014-12-09 08:05 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "Yoga Picks"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-877737628-3122474596-3873684844-500 - Administrator - Disabled)
    David (S-1-5-21-877737628-3122474596-3873684844-1001 - Administrator - Enabled) => C:\Users\David
    Guest (S-1-5-21-877737628-3122474596-3873684844-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-877737628-3122474596-3873684844-1003 - Limited - Enabled)
    Minhee (S-1-5-21-877737628-3122474596-3873684844-1005 - Limited - Enabled) => C:\Users\Minhee
    William (S-1-5-21-877737628-3122474596-3873684844-1004 - Limited - Enabled) => C:\Users\William

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/15/2014 09:38:37 PM) (Source: DCOM) (EventID: 10010) (User: YOGA2PRO-SILVER)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/15/2014 09:38:07 PM) (Source: DCOM) (EventID: 10010) (User: YOGA2PRO-SILVER)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/15/2014 09:37:37 PM) (Source: DCOM) (EventID: 10010) (User: YOGA2PRO-SILVER)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/15/2014 09:37:07 PM) (Source: DCOM) (EventID: 10010) (User: YOGA2PRO-SILVER)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (12/15/2014 09:36:37 PM) (Source: DCOM) (EventID: 10010) (User: YOGA2PRO-SILVER)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-07 07:30:43.417
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:43.354
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:13.167
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:13.105
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.919
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.855
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.692
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.383
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:24:52.679
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:24:52.590
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 56%
    Total physical RAM: 4008.27 MB
    Available physical RAM: 1759.27 MB
    Total Pagefile: 11176.27 MB
    Available Pagefile: 8533.86 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:101.24 GB) (Free:47.79 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 15E2FFF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  15. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
    Ran by David at 2014-12-15 21:57:00 Run:1
    Running from C:\Users\David\Desktop
    Loaded Profile: David (Available profiles: David & William & Minhee)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\MountPoints2: {3bcebf4d-3214-11e4-8267-5c514f9413ed} - "E:\Msetup4.exe"
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ProxyServer: [S-1-5-21-877737628-3122474596-3873684844-1001] => http=127.0.0.1:51756;https=127.0.0.1:51756
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Extension: No Name - wrc@avast.com [Not Found]
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=", "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?g...-4987-8F77-5ACA6F7FAF1C&q={searchTerms}&SSPV=
    CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3...BDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SAT=CNTS
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    S2 yXfPaIT; "C:\ProgramData\cINFpU\yXfPaIT.exe" [X]
    C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\David\AppData\Local\Temp\Quarantine.exe
    C:\Users\David\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties

    *****************

    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bcebf4d-3214-11e4-8267-5c514f9413ed}" => Key deleted successfully.
    "HKCR\CLSID\{3bcebf4d-3214-11e4-8267-5c514f9413ed}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    FF Extension: No Name - wrc@avast.com [Not Found] not found.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3...BDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SAT=CNTS => Error: No automatic fix found for this entry.
    Chrome DefaultSuggestURL deleted successfully.
    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
    yXfPaIT => Service deleted successfully.
    C:\Users\David\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
    "HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    "C:\Users\David\SkyDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog ====
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Security Check said only "UNSUPPORTED OPERATING SYSTEM! ABORTED!"
    Should I proceed with FSS, TFC, and Sophos?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Always read my instructions carefully.

     
  19. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Results of screen317's Security Check version 0.99.93
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 67
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Flash Player 16.0.0.235
    Adobe Reader XI
    Mozilla Firefox (34.0.5)
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  20. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Farbar Service Scanner Version: 21-07-2014
    Ran by David (administrator) on 15-12-2014 at 22:12:42
    Running from "C:\Users\David\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  21. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Sophos found nothing.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  23. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Before I do those final steps, can I run a couple related questions by you?

    1. I didn't pay attention to MBAM's settings when we first used it above, but it keeps running and showing warnings about PUPs. When I look at the details, some of the things it finds do sound like they might be bogus (e.g. "webguard") but MBAM's default action for them all is "ignore" (rather than exclude or quarantine). Here's one such log. (And below that is my next question):

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/16/2014
    Scan Time: 3:08:29 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.16.02
    Rootkit Database: v2014.12.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: David

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 410386
    Time Elapsed: 6 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.WebGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebGuard, , [1904dd861a62bc7a136505ce5ea36e92],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [ff1ed78c354775c10fb43697d43046ba],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [dd40cc97ff7d24123d85fcd19d6716ea],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard, , [59c470f32755043210ca36270ff40ff1],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer, , [3de00c57dba168ce6880bcc9788bc937],

    Files: 12
    PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\dVzZUYtqv.exe, , [49d4ff64225acb6bed8b5d7660a11de3],
    PUP.Optional.WebGuard.A, C:\ProgramData\WebGuard\uninstall.exe, , [1904dd861a62bc7a136505ce5ea36e92],
    PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard\data2.dat, , [59c470f32755043210ca36270ff40ff1],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, , [6ab3d3906f0dfd398030b7b8778cef11],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, , [c05da8bb2f4dc96dcbe597d86a99b24e],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\ContentExplorer.exe, , [36e7204391ebb97d82655431669d2dd3],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\RootCert.cer, , [3de00c57dba168ce6880bcc9788bc937],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\loader.dat, , [3de00c57dba168ce6880bcc9788bc937],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\makecert.exe, , [3de00c57dba168ce6880bcc9788bc937],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\storage.bin, , [3de00c57dba168ce6880bcc9788bc937],
    PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\uninstall.exe, , [3de00c57dba168ce6880bcc9788bc937],
    PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [1c0174efe99351e58a3c6a63d62e03fd],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Anything I should do based on my question (and log) above?


    2. next question: there's this program that keeps popping up (but it only started popping up in the past couple months) called "Software Manager" (to me, that name also sounds suspicious; also the graphic that pops up looks cheap and old, which is another red flag to me of a possible bogus program). Can I get your opinion on whether it really belongs on my system or not, and if so, what additional info might you need to decide?

    Ok I'm going to be offline for a few hours now but thanks in advance for any answers to the questions above. (And after that I will proceed with your cleanup steps above.)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. I'd remove all MBAM findings (no exceptions).

    2. "Software Manager" keeps popping up when exactly?
     
  25. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    1. I don't know the difference between "add exclusion" and "quarantine." Should I choose quarantine?

    2. "Software Manager" seemed to pop up at random times, but on further investigation (opening it and looking around) it seems to have a schedule. Its full name is "FlexNet Connect Common Software Manager" from "Flexera Software LLC." The schedule I saw in its settings mentions another program on my machine (a legitimate one, Dragon Assistant), but I just don't remember "Software Manager" coming pre-installed on the machine when the machine was new, or ever popping up until recently.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...