TechSpot

Windows 8.1 (w/update) PC riddled w/ adware including "finedealsofet" junk; can't run DDS

Solved
By losdavos
Aug 18, 2014
  1. Hi, and sincere thanks in advance.

    My Windows 8.1 machine has one or more bad infections. Below is my first MBAM log, but every time I try to run DDS (from both links Techspot offers, and with my antivirus suspended), I keep getting a popup that says the program "is not meant to run in Compatibility Mode."

    Anyway, here's my MBAM log, thanks again in advance:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/18/2014
    Scan Time: 9:05:34 PM
    Logfile: mbam1.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.18.10
    Rootkit Database: v2014.08.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: David

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 372563
    Time Elapsed: 7 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 5
    PUP.Optional.LiveLyrics.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Delete-on-Reboot, [9e749e2a3d3e15212c5d3abb689a32ce],
    PUP.Optional.LiveLyrics.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Delete-on-Reboot, [858d88403447ba7cc6c339bc669c9f61],
    PUP.Optional.Superfish.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [b161fcccc2b90a2c0884f40380824cb4],
    PUP.Optional.Superfish.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [ec26497fa6d574c25b311ed9fa0851af],
    PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://start.toshiba.com/", "http://www.google.com/", "http://websearch.calcitapp.info/" ],), Replaced,[fd159d2b562572c4221520e635d0ff01]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    DDS won't run on Windows 8.1.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  3. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Here's my RogueKiller log, and now I'm going to create my new restore point (and not do anything else until told to!):

    RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Remove -- Date : 08/18/2014 23:25:33

    ¤¤¤ Bad processes : 2 ¤¤¤
    [Suspicious.Path] RTFTrack.exe -- C:\Windows\RTFTrack.exe[7] -> KILLED [TermProc]
    [Suspicious.Path] (SVC) ymc -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe[7] -> STOPPED

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe [x] -> DELETED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NOT SELECTED
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MZMPC128HBFU-000L1 +++++
    --- User ---
    [MBR] bcd0f1149c190a550956e6d8f1fc3115
    [BSP] f108b737926102ae2a376be190d80d96 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_08182014_232526.log
     
  4. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Ok and now here are my mbar log, followed by system-log.txt. Note, mbar did NOT report any malware, so I have NOT rebooted; I hope that's ok:

    mbar-log:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.19.03

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17207
    David :: YOGA2PRO-SILVER [administrator]

    8/18/2014 11:34:41 PM
    mbar-log-2014-08-18 (23-34-41).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 373009
    Time elapsed: 5 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    system-log.txt:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17207

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.295000 GHz
    Memory total: 4202979328, free: 1237303296

    Downloaded database version: v2014.08.19.03
    Downloaded database version: v2014.08.16.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    08/18/2014 23:34:35
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffe00101301450
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000032\
    Lower Device Object: 0xffffe000ff082130
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe00101301450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001012a1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe00101301450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe000ff4d2040, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe000ff082130, DeviceName: \Device\00000032\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 15E2FFF3

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1882524988
    GPT Header CurrentLba = 1 BackupLba 250069679
    GPT Header FirstUsableLba 34 LastUsableLba 250069646
    GPT Header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1882524988
    Backup GPT header CurrentLba = 250069679 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 250069646
    Backup GPT header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
    Backup GPT header Contains 128 partition entries starting at LBA 250069647
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2401c6a0-e1da-4784-b77e-b52034cfb7
    FirstLBA 2048 Last LBA 2050047
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 247497fe-63d2-4101-b15b-b365933ef47a
    FirstLBA 2050048 Last LBA 2582527
    Attributes 1
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 485dbef6-9c0d-4489-975f-5666aae2a1e
    FirstLBA 2582528 Last LBA 4630527
    Attributes 1
    Partition Name Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2b612072-1f29-4266-ad55-7938cda2985b
    FirstLBA 4630528 Last LBA 4892671
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4c4d23a1-bd41-474d-9e74-df507f2c802f
    FirstLBA 4892672 Last LBA 217206783
    Attributes 0
    Partition Name Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7f8973bb-836d-4270-9b49-81433120c7bd
    FirstLBA 217206784 Last LBA 225595391
    Attributes 0
    Partition Name Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID cacf430a-569-4f60-8ef4-bcbfff72ea11
    FirstLBA 225595392 Last LBA 250068991
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  5. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  6. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Okay this post contains 1 log from AdwCleaner, and 1 from JRT; Farbar logs to come in next post:

    # AdwCleaner v3.307 - Report created 19/08/2014 at 00:58:40
    # Updated 17/08/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : David - YOGA2PRO-SILVER
    # Running from : C:\Users\David\Desktop\adwcleaner_3.307.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\David\AppData\Local\Temp\NetCrawl
    Folder Deleted : C:\Users\David\Documents\Optimizer Pro
    File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\user.js
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
    File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\prefs.js ]

    Line Deleted : user_pref("extensions.UZK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
    Line Deleted : user_pref("extensions.rI6860vj71m.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

    -\\ Google Chrome v36.0.1985.125

    [ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://websearch.calcitapp.info/

    [ File : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://websearch.calcitapp.info/

    *************************

    AdwCleaner[R0].txt - [3408 octets] - [19/08/2014 00:57:37]
    AdwCleaner[S0].txt - [3249 octets] - [19/08/2014 00:58:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3309 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by David on Tue 08/19/2014 at 1:05:19.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders


    ~~~ FireFox

    Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\re8nxqow.default\minidumps [5 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 08/19/2014 at 1:13:04.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Actually here's only the first portion of FRST.txt; to be completed in subsequent post(s):

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
    Ran by David (administrator) on YOGA2PRO-SILVER on 19-08-2014 01:18:17
    Running from C:\Users\David\Desktop
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
    (Google Inc.) C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
    (Kakao Inc.) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-12-05] (Lenovo)
    HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-12-05] ()
    HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2014-03-07] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-05] (Lenovo(beijing) Limited)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
    HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-12-27] (Absolute Software)
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-09] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\.DEFAULT\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-02] (Google Inc.)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [DragonAssistant] => "C:\Program Files (x86)\Nuance\Dragon Assistant\Application\DragonAssistant.exe"
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
    HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5405384 2014-07-31] (Kakao Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKLM - {93D4594E-4443-44D0-B089-1C88D7241B42} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM-x32 - {93D4594E-4443-44D0-B089-1C88D7241B42} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKCU - {93D4594E-4443-44D0-B089-1C88D7241B42} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-07]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]

    Chrome:
    =======
    CHR HomePage: hxxp://google.com/
    CHR StartupUrls: "hxxp://start.toshiba.com/", "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
    CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
    CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
    CHR Extension: (Google News) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-02]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2014-03-02]
    CHR Extension: (NYTimes) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-03-02]
    CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-02]
    CHR Extension: (The Economist) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-03-02]
    CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-02]
    CHR Extension: (avast! Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-09]
    CHR Extension: (BharatMatrimony) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgehjabcocfbddmjickonnjpjnjafcj [2014-08-06]
    CHR Extension: (Lego Builder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2014-03-02]
    CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
    CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-12-27] (Absolute Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [447888 2013-12-10] (Nuance Communications, Inc.)
    R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2013-12-17] (Nuance Communications, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-07-30] (LENOVO INCORPORATED.)
    R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-12-05] (Lenovo)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
    R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
    R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-12-05] (Lenovo)
    S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-12-05] (Lenovo)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-05] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-12-05] (Lenovo)
    S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
    S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
    S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-09] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-09] ()
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-09] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
    R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
    S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-18] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  8. losdavos

    losdavos TS Member Topic Starter Posts: 84

    FRST.txt continued:

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 01:18 - 2014-08-19 01:18 - 00026591 _____ () C:\Users\David\Desktop\FRST.txt
    2014-08-19 01:17 - 2014-08-19 01:18 - 00000000 ____D () C:\FRST
    2014-08-19 01:17 - 2014-08-19 01:17 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-08-19 01:13 - 2014-08-19 01:13 - 00000753 _____ () C:\Users\David\Desktop\JRT.txt
    2014-08-19 01:05 - 2014-08-19 01:05 - 00000000 ____D () C:\windows\ERUNT
    2014-08-19 01:03 - 2014-08-19 01:03 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
    2014-08-19 00:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
    2014-08-19 00:57 - 2014-08-19 00:58 - 00000000 ____D () C:\AdwCleaner
    2014-08-19 00:57 - 2014-08-19 00:57 - 01361671 _____ () C:\Users\David\Desktop\adwcleaner_3.307.exe
    2014-08-18 23:34 - 2014-08-18 23:40 - 00000000 ____D () C:\Users\David\Desktop\mbar
    2014-08-18 23:34 - 2014-08-18 23:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-18 23:33 - 2014-08-18 23:33 - 14349744 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.07.0.1012.exe
    2014-08-18 23:21 - 2014-08-18 23:21 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-18 23:19 - 2014-08-18 23:19 - 04851288 _____ () C:\Users\David\Desktop\RogueKiller.exe
    2014-08-18 21:36 - 2014-08-18 21:36 - 00002125 _____ () C:\Users\David\Desktop\mbam1.txt
    2014-08-18 21:21 - 2014-08-18 21:21 - 00688992 _____ (Swearware) C:\Users\David\Desktop\dds (2).com
    2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
    2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds (1).com
    2014-08-18 21:19 - 2014-08-18 21:19 - 00002125 _____ () C:\mbam1.txt
    2014-08-18 21:06 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-08-18 21:06 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-08-18 21:06 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-08-18 21:06 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-08-18 21:06 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-08-18 21:06 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-08-18 21:06 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-08-18 21:06 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-08-18 21:06 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-08-18 21:06 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-08-18 21:06 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-08-18 21:06 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-08-18 21:06 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-08-18 21:06 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-08-18 21:06 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-08-18 21:06 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-08-18 21:06 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-08-18 21:06 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-08-18 21:06 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-08-18 21:06 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-08-18 21:05 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-08-18 21:05 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-08-18 21:05 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-08-18 21:05 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-08-18 21:05 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-08-18 21:05 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-08-18 21:05 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 21:05 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-08-18 21:05 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-08-18 21:05 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-18 21:05 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-08-18 21:05 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-08-18 21:05 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-08-18 21:05 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-08-18 21:05 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-08-18 21:04 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2014-08-18 21:04 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2014-08-18 21:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
    2014-08-18 21:03 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\windows\system32\WpcMon.exe
    2014-08-18 21:03 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
    2014-08-18 21:03 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\windows\system32\WpcWebSync.dll
    2014-08-18 21:03 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
    2014-08-18 21:03 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
    2014-08-18 21:03 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
    2014-08-18 21:03 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
    2014-08-18 21:03 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
    2014-08-18 21:03 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
    2014-08-18 21:03 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2014-08-18 21:03 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
    2014-08-18 21:03 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2014-08-18 21:03 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2014-08-18 21:03 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
    2014-08-18 21:03 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
    2014-08-18 21:03 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
    2014-08-18 21:03 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
    2014-08-18 21:03 - 2014-05-31 06:07 - 00467800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
    2014-08-18 21:03 - 2014-05-31 06:07 - 00440664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
    2014-08-18 21:03 - 2014-05-31 06:07 - 00419672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
    2014-08-18 21:03 - 2014-05-31 06:07 - 00089944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
    2014-08-18 21:03 - 2014-05-31 06:07 - 00027480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
    2014-08-18 21:03 - 2014-05-31 02:30 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
    2014-08-18 21:03 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2014-08-18 21:03 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
    2014-08-18 21:03 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
    2014-08-18 21:03 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
    2014-08-18 21:03 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
    2014-08-18 21:03 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
    2014-08-18 21:03 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-08-18 21:03 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
    2014-08-18 21:03 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll
    2014-08-18 21:03 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
    2014-08-18 21:03 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
    2014-08-18 21:03 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\BulkOperationHost.exe
    2014-08-18 21:03 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-08-18 21:03 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
    2014-08-18 21:03 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
    2014-08-18 21:03 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-08-18 21:03 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
    2014-08-18 21:03 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2014-08-18 21:03 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2014-08-18 21:03 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
    2014-08-18 21:03 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\ncobjapi.dll
    2014-08-18 21:03 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\windows\system32\framedynos.dll
    2014-08-18 21:03 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\framedyn.dll
    2014-08-18 21:03 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncobjapi.dll
    2014-08-18 21:03 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedynos.dll
    2014-08-18 21:03 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedyn.dll
    2014-08-18 21:03 - 2014-05-02 19:26 - 00050745 _____ () C:\windows\system32\srms.dat
    2014-08-18 21:03 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2014-08-18 21:03 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
    2014-08-18 21:03 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2014-08-18 21:03 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
    2014-08-18 21:03 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
    2014-08-18 21:03 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
    2014-08-18 21:03 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
    2014-08-18 21:03 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
    2014-08-18 21:03 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
    2014-08-18 21:03 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
    2014-08-18 21:03 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
    2014-08-18 21:03 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
    2014-08-18 21:03 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
    2014-08-18 21:03 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
    2014-08-18 21:03 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
    2014-08-18 21:03 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
    2014-08-18 21:03 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
    2014-08-18 21:03 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
    2014-08-18 21:03 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
    2014-08-18 21:03 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
    2014-08-18 21:03 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
    2014-08-18 21:03 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
    2014-08-18 21:03 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\windows\system32\d3d9.dll
    2014-08-18 21:03 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d9.dll
    2014-08-18 21:03 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d8thk.dll
    2014-08-18 21:03 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
    2014-08-18 21:03 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
    2014-08-18 21:01 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-08-18 21:01 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-08-18 21:01 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-08-18 21:01 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-08-18 21:01 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-08-18 21:01 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-08-18 21:01 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-08-18 20:59 - 2014-08-18 20:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-18 20:59 - 2014-08-18 20:59 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-09 13:27 - 2014-08-09 13:27 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com
    2014-08-09 13:26 - 2014-08-09 13:26 - 04813544 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup416.exe
    2014-08-09 13:24 - 2014-08-09 13:24 - 00368256 _____ (RegNow.com) C:\Users\David\Downloads\Download_MaxSDDMnew.exe
    2014-08-09 10:11 - 2014-08-09 10:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
    2014-08-09 10:10 - 2014-08-18 21:17 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-08-09 10:10 - 2014-08-09 10:10 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2014-08-09 10:10 - 2014-08-09 10:10 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-08-09 10:10 - 2014-08-09 10:10 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-09 10:09 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-08-09 09:57 - 2014-08-09 10:06 - 91906368 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup.exe
    2014-08-09 09:22 - 2014-08-18 23:34 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-09 09:22 - 2014-08-18 23:34 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-08-09 09:22 - 2014-08-09 09:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-09 09:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-08-09 09:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-08-09 09:21 - 2014-08-09 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-06 20:05 - 2014-08-09 09:31 - 00000000 ____D () C:\ProgramData\FineDeaLSooft
    2014-08-05 20:10 - 2014-08-05 20:10 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2014-08-05 20:10 - 2014-08-05 20:10 - 00000000 ____D () C:\Program Files\Java
    2014-08-05 20:09 - 2014-08-05 20:09 - 31013800 _____ (Oracle Corporation) C:\Users\David\Downloads\jre-7u67-windows-x64.exe
    2014-08-04 08:39 - 2014-08-08 08:43 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
    2014-07-30 18:53 - 2014-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-27 07:31 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Local\Adobe
    2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\Nitro
    2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\FileOpen
    2014-07-27 07:24 - 2014-07-30 11:55 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1004
    2014-07-27 07:20 - 2014-07-27 07:20 - 00000000 ____D () C:\Users\William\AppData\Roaming\Intel Corporation
    2014-07-27 07:19 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Adobe
    2014-07-27 07:19 - 2014-07-27 07:19 - 00001453 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000020 ___SH () C:\Users\William\ntuser.ini
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\VirtualStore
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Packages
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Google
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William
    2014-07-27 07:19 - 2014-07-14 08:49 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-07-27 07:19 - 2014-05-17 16:24 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-07-27 07:19 - 2014-03-02 04:12 - 00002123 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
    2014-07-27 07:19 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2014-07-27 07:19 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2014-07-27 07:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-07-27 07:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-07-24 18:15 - 2014-07-24 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
    2014-07-24 18:15 - 2014-07-24 18:15 - 00001024 _____ () C:\Users\Public\Desktop\Sibelius 7 First.lnk
    2014-07-24 18:15 - 2014-07-24 18:15 - 00000000 ____D () C:\Users\David\Documents\Scores
    2014-07-24 18:14 - 2014-07-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Avid
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Public\Documents\Sibelius First Example Scores
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\Avid
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\ProgramData\Avid
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files\Avid
    2014-07-24 18:09 - 2014-07-24 18:13 - 277092216 _____ (Avid ) C:\Users\David\Downloads\SibeliusFirst713b78.exe
    2014-07-22 20:37 - 2014-08-09 09:31 - 00000000 ____D () C:\ProgramData\toopbuyer
    2014-07-22 20:37 - 2014-08-06 20:05 - 00000000 ____D () C:\ProgramData\8b62050778c65706

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 01:18 - 2014-08-19 01:18 - 00026591 _____ () C:\Users\David\Desktop\FRST.txt
    2014-08-19 01:18 - 2014-08-19 01:17 - 00000000 ____D () C:\FRST
    2014-08-19 01:17 - 2014-08-19 01:17 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-08-19 01:16 - 2014-03-02 02:40 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{FFC35960-518E-4C92-8FFD-0731F1F5D7F6}
    2014-08-19 01:13 - 2014-08-19 01:13 - 00000753 _____ () C:\Users\David\Desktop\JRT.txt
    2014-08-19 01:12 - 2013-12-05 07:40 - 02089820 _____ () C:\windows\WindowsUpdate.log
    2014-08-19 01:05 - 2014-08-19 01:05 - 00000000 ____D () C:\windows\ERUNT
    2014-08-19 01:05 - 2014-03-02 01:29 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1001
    2014-08-19 01:04 - 2013-08-28 04:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-08-19 01:03 - 2014-08-19 01:03 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
    2014-08-19 01:03 - 2013-12-05 07:55 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
    2014-08-19 01:00 - 2014-03-02 03:25 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-19 01:00 - 2014-03-02 03:24 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-19 01:00 - 2014-03-02 01:25 - 00000000 __RDO () C:\Users\David\SkyDrive
    2014-08-19 01:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
    2014-08-19 00:59 - 2013-12-05 07:54 - 00006656 _____ () C:\windows\system32\VfService.trf
    2014-08-19 00:59 - 2013-12-05 07:34 - 00013895 _____ () C:\windows\setupact.log
    2014-08-19 00:59 - 2013-08-28 04:34 - 00020472 _____ () C:\windows\PFRO.log
    2014-08-19 00:59 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-08-19 00:59 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-08-19 00:59 - 2013-08-22 09:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2014-08-19 00:58 - 2014-08-19 00:57 - 00000000 ____D () C:\AdwCleaner
    2014-08-19 00:57 - 2014-08-19 00:57 - 01361671 _____ () C:\Users\David\Desktop\adwcleaner_3.307.exe
    2014-08-19 00:39 - 2014-04-02 20:29 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job
    2014-08-19 00:30 - 2014-03-29 09:15 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c.job
    2014-08-19 00:30 - 2014-03-29 09:15 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd.job
    2014-08-19 00:28 - 2014-06-22 10:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-08-19 00:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\rescache
    2014-08-18 23:49 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-08-18 23:40 - 2014-08-18 23:34 - 00000000 ____D () C:\Users\David\Desktop\mbar
    2014-08-18 23:40 - 2014-08-18 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-18 23:34 - 2014-08-09 09:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-18 23:34 - 2014-08-09 09:22 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-08-18 23:33 - 2014-08-18 23:33 - 14349744 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.07.0.1012.exe
    2014-08-18 23:21 - 2014-08-18 23:21 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-18 23:19 - 2014-08-18 23:19 - 04851288 _____ () C:\Users\David\Desktop\RogueKiller.exe
    2014-08-18 21:40 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-08-18 21:36 - 2014-08-18 21:36 - 00002125 _____ () C:\Users\David\Desktop\mbam1.txt
    2014-08-18 21:32 - 2014-03-02 11:56 - 00000000 ____D () C:\windows\system32\MRT
    2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ___RD () C:\windows\ToastData
    2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\MediaViewer
    2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\FileManager
    2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\Camera
    2014-08-18 21:30 - 2014-03-02 11:55 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-08-18 21:21 - 2014-08-18 21:21 - 00688992 _____ (Swearware) C:\Users\David\Desktop\dds (2).com
    2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
    2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds (1).com
    2014-08-18 21:19 - 2014-08-18 21:19 - 00002125 _____ () C:\mbam1.txt
    2014-08-18 21:17 - 2014-08-09 10:10 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-08-18 21:01 - 2014-07-10 02:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-08-18 21:01 - 2014-07-10 02:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-08-18 21:01 - 2014-06-30 22:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-08-18 21:01 - 2014-06-30 22:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-08-18 21:01 - 2014-05-04 01:30 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-08-18 21:01 - 2014-05-04 01:29 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-08-18 21:01 - 2014-05-04 01:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-08-18 21:01 - 2014-05-04 01:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-08-18 21:01 - 2014-05-04 01:24 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-08-18 21:01 - 2014-05-04 01:24 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-08-18 21:01 - 2014-03-02 11:49 - 00233912 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-08-18 21:00 - 2014-06-18 08:06 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-08-18 20:59 - 2014-08-18 20:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-08-18 20:59 - 2014-08-18 20:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-08-18 20:59 - 2014-08-18 20:59 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-08-09 13:27 - 2014-08-09 13:27 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com
    2014-08-09 13:26 - 2014-08-09 13:26 - 04813544 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup416.exe
    2014-08-09 13:24 - 2014-08-09 13:24 - 00368256 _____ (RegNow.com) C:\Users\David\Downloads\Download_MaxSDDMnew.exe
    2014-08-09 10:11 - 2014-08-09 10:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
    2014-08-09 10:10 - 2014-08-09 10:10 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2014-08-09 10:10 - 2014-08-09 10:10 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-08-09 10:10 - 2014-08-09 10:10 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2014-08-09 10:10 - 2014-08-09 10:10 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-09 10:10 - 2014-08-09 10:09 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-08-09 10:06 - 2014-08-09 09:57 - 91906368 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup.exe
    2014-08-09 09:31 - 2014-08-06 20:05 - 00000000 ____D () C:\ProgramData\FineDeaLSooft
    2014-08-09 09:31 - 2014-07-22 20:37 - 00000000 ____D () C:\ProgramData\toopbuyer
    2014-08-09 09:31 - 2014-05-05 21:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-08-09 09:31 - 2014-05-05 21:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-08-09 09:31 - 2014-03-08 00:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-08-09 09:31 - 2013-08-22 10:44 - 00568536 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-08-09 09:22 - 2014-08-09 09:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-09 09:21 - 2014-08-09 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
    2014-08-08 08:45 - 2014-03-02 04:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-08-08 08:43 - 2014-08-04 08:39 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
    2014-08-08 08:43 - 2013-12-05 07:50 - 00000000 ____D () C:\ProgramData\Lenovo
    2014-08-08 08:42 - 2013-12-05 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2014-08-08 08:42 - 2013-12-05 07:50 - 00000000 ____D () C:\Program Files (x86)\Lenovo
    2014-08-06 20:05 - 2014-07-22 20:37 - 00000000 ____D () C:\ProgramData\8b62050778c65706
    2014-08-05 20:10 - 2014-08-05 20:10 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2014-08-05 20:10 - 2014-08-05 20:10 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2014-08-05 20:10 - 2014-08-05 20:10 - 00000000 ____D () C:\Program Files\Java
    2014-08-05 20:09 - 2014-08-05 20:09 - 31013800 _____ (Oracle Corporation) C:\Users\David\Downloads\jre-7u67-windows-x64.exe
    2014-08-01 23:11 - 2014-08-18 21:03 - 00918528 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
    2014-08-01 20:17 - 2013-08-22 11:38 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-08-01 20:17 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-08-01 07:39 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\NDF
    2014-07-30 18:53 - 2014-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-30 11:55 - 2014-07-27 07:24 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1004
    2014-07-27 07:31 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Local\Adobe
    2014-07-27 07:31 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Roaming\Adobe
    2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\Nitro
    2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\FileOpen
    2014-07-27 07:20 - 2014-07-27 07:20 - 00000000 ____D () C:\Users\William\AppData\Roaming\Intel Corporation
    2014-07-27 07:19 - 2014-07-27 07:19 - 00001453 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000020 ___SH () C:\Users\William\ntuser.ini
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\VirtualStore
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Packages
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Google
    2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William
    2014-07-25 10:52 - 2014-08-18 21:05 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-07-25 09:51 - 2014-08-18 21:05 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-07-25 09:28 - 2014-08-18 21:05 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-07-25 09:25 - 2014-08-18 21:06 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-07-25 09:25 - 2014-08-18 21:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-07-25 08:59 - 2014-08-18 21:06 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-07-25 08:40 - 2014-08-18 21:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-07-25 08:34 - 2014-08-18 21:05 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-07-25 08:30 - 2014-08-18 21:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-07-25 08:28 - 2014-08-18 21:06 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-07-25 08:28 - 2014-08-18 21:05 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-07-25 08:21 - 2014-08-18 21:06 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-07-25 08:17 - 2014-08-18 21:06 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-07-25 08:10 - 2014-08-18 21:06 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-07-25 08:08 - 2014-08-18 21:05 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-07-25 08:06 - 2014-08-18 21:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-07-25 07:52 - 2014-08-18 21:06 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-07-25 07:47 - 2014-08-18 21:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-07-25 07:43 - 2014-08-18 21:05 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-07-25 07:43 - 2014-08-18 21:05 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-25 07:42 - 2014-08-18 21:05 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-07-25 07:39 - 2014-08-18 21:06 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-07-25 07:34 - 2014-08-18 21:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-07-25 07:29 - 2014-08-18 21:06 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-07-25 07:23 - 2014-08-18 21:06 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-07-25 07:13 - 2014-08-18 21:06 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-07-25 07:09 - 2014-08-18 21:05 - 00291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-07-25 07:07 - 2014-08-18 21:06 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-07-25 07:03 - 2014-08-18 21:06 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-07-25 06:52 - 2014-08-18 21:05 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-07-25 06:26 - 2014-08-18 21:06 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-07-25 06:17 - 2014-08-18 21:06 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-07-25 06:09 - 2014-08-18 21:06 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-07-25 06:05 - 2014-08-18 21:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-07-25 06:00 - 2014-08-18 21:06 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-07-24 18:23 - 2014-07-24 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
    2014-07-24 18:23 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files (x86)\Avid
    2014-07-24 18:23 - 2014-03-14 01:42 - 00000000 ____D () C:\Users\David\AppData\Local\Downloaded Installations
    2014-07-24 18:15 - 2014-07-24 18:15 - 00001024 _____ () C:\Users\Public\Desktop\Sibelius 7 First.lnk
    2014-07-24 18:15 - 2014-07-24 18:15 - 00000000 ____D () C:\Users\David\Documents\Scores
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Public\Documents\Sibelius First Example Scores
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\Avid
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\ProgramData\Avid
    2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files\Avid
    2014-07-24 18:13 - 2014-07-24 18:09 - 277092216 _____ (Avid ) C:\Users\David\Downloads\SibeliusFirst713b78.exe
    2014-07-24 08:42 - 2014-05-05 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-20 13:27 - 2014-03-02 18:28 - 00445440 ___SH () C:\Users\David\Downloads\Thumbs.db

    Some content of TEMP:
    ====================
    C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe
    C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe
    C:\Users\David\AppData\Local\Temp\DARestart.exe
    C:\Users\David\AppData\Local\Temp\DeescalateStart.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe
    C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\David\AppData\Local\Temp\optprosetup.exe
    C:\Users\David\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-18 23:49

    ==================== End Of Log ============================
     
  9. losdavos

    losdavos TS Member Topic Starter Posts: 84

    And now here's Farbar's "Additional.txt":


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
    Ran by David at 2014-08-19 01:18:50
    Running from C:\Users\David\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.21 - Absolute Software)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.0 - Avid Technology, Inc.)
    Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.28.00 - Lenovo Group Limited) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.0.229 - Nuance Communications Inc.)
    Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.229 - Nuance Communications Inc.)
    Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
    Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
    Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) PRO/Wireless Driver (Version: 16.05.3000.0595 - Intel Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
    Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
    Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
    Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
    KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.0.661 - Kakao)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.26.00 - Lenovo Group Limited)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
    Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
    Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
    Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
    Nuance Speech Component DA-C version 1.1.19 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.19 - Nuance Communications, Inc.)
    Nuance Speech Component DA-L en-US version 1.1.5 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
    ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
    ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
    Sibelius 7 First 7.1.3.78 (HKLM\...\0d849438-e498-4416-ace4-fa9880d0efaa_is1) (Version: 7.1.3.78 - Avid)
    Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
    Update for Microsoft en-us Dictionary (Version: 16.1.810.1 - Microsoft Corporation) Hidden
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
    UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    06-08-2014 00:09:50 Installed Java 7 Update 67 (64-bit)
    09-08-2014 14:10:00 avast! antivirus system restore point
    19-08-2014 01:28:58 Windows Update
    19-08-2014 03:31:48 being walked through malware removal by techspot's Broni

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01449005-E712-412A-A244-7F970AF191C1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
    Task: {033A02C1-014C-4202-8103-86D2A6718B6B} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-12-05] (Lenovo)
    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0CAF99AA-B2A6-4F8F-A04A-BC0A0D926907} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2B69BE04-56C3-483D-A58D-AB2D882567EB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {36B88534-E6BB-4510-8E36-F460BE77029E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {44D500C5-DFD3-41B3-8DC3-4F0EB79A5A4C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {481D4110-24D1-426E-8698-120875BC9BC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {56F8B195-0246-4CD2-B522-5F5EA97D62C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {587918CC-4636-44D0-9F03-C75A846F728A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {63D0C4EA-1960-44FF-893A-0DDA383F748A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {68C5033E-5B62-4262-81DD-87E9C21A1A35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-08-18] (Microsoft Corporation)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {814FEC4E-D946-4355-B799-B82A669B9AB1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
    Task: {84469426-D356-4D04-8CD0-83177EB592EC} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {846C82DA-07B2-4723-8CE4-4E8A5234FCBF} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {906A7AC7-C22D-4BBC-ADD0-2BF8CF767E40} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-07-30] ()
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {BF3DBCB8-9B8E-4551-8359-F95BD7725B79} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
    Task: {C90B3147-8656-46A3-848A-028BB706EAE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {CF664A07-92B2-4585-9459-3244E474931C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D1D6763C-B152-46CB-9F38-8E32572D2348} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {DC996903-9A05-4F5E-A65C-6652A54336EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {FC1563FD-AFC1-491E-8712-2821E13FC395} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-14 21:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-08-01 21:31 - 2013-08-01 21:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-01 21:31 - 2013-08-01 21:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-01 21:31 - 2013-08-01 21:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2013-12-05 07:53 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2013-12-05 07:54 - 2013-12-05 07:54 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2013-12-05 07:54 - 2013-12-05 07:54 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    2013-12-05 07:53 - 2013-12-05 07:53 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    2013-12-05 07:50 - 2013-07-31 19:32 - 00034288 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.Utils.dll
    2014-07-11 03:28 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    2014-08-09 10:10 - 2014-08-09 10:10 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-08-18 21:17 - 2014-08-18 21:17 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081800\algo.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2014-03-14 01:12 - 2013-12-10 13:52 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
    2013-12-05 07:53 - 2013-12-05 07:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
    2014-05-22 00:42 - 2014-05-22 00:42 - 00045056 _____ () C:\Program Files (x86)\Kakao\KakaoTalk\LiteUnzip.dll
    2014-08-09 10:10 - 2014-08-09 10:10 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-12-05 07:36 - 2013-08-08 16:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-07-17 18:36 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
    2014-07-17 18:36 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
    2014-07-17 18:36 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
    2014-07-17 18:36 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
    2014-07-17 18:36 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-07 07:30:43.417
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:43.354
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:13.167
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:13.105
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.919
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.855
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.692
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:30:12.383
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:24:52.679
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-07 07:24:52.590
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 50%
    Total physical RAM: 4008.27 MB
    Available physical RAM: 1976.12 MB
    Total Pagefile: 9896.27 MB
    Available Pagefile: 7637.43 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:101.24 GB) (Free:52.28 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 15E2FFF3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  11. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Thanks. Here's the log you last asked for:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
    Ran by David at 2014-08-21 13:09:01 Run:1
    Running from C:\Users\David\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - {93D4594E-4443-44D0-B089-1C88D7241B42} URL =
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
    S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
    S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]
    C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe
    C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe
    C:\Users\David\AppData\Local\Temp\DARestart.exe
    C:\Users\David\AppData\Local\Temp\DeescalateStart.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe
    C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\David\AppData\Local\Temp\optprosetup.exe
    C:\Users\David\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties
    *****************

    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93D4594E-4443-44D0-B089-1C88D7241B42}" => Key deleted successfully.
    "HKCR\CLSID\{93D4594E-4443-44D0-B089-1C88D7241B42}" => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    EvtEng => Service deleted successfully.
    McAPExe => Service deleted successfully.
    MyWiFiDHCPDNS => Service deleted successfully.
    RegSrvc => Service deleted successfully.
    C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\DARestart.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\DeescalateStart.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\optprosetup.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Windows => ":nlsPreferences" ADS removed successfully.
    C:\Users\David\SkyDrive => ":ms-properties" ADS removed successfully.

    ==== End of Fixlog ====
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Good :)

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  13. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Hi Broni,
    I only got as far as Security Check, which seems not to work on this machine (I think). It only runs for an instant and then Checkup.txt appears and just says this:
    "UNSUPPORTED OPERATING SYSTEM! ABORTED!"
    Should I proceed with Farbar and TFC? Thanks.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Go ahead with other steps.
     
  15. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Here's FSS; I'm about to proceed on the next steps too:

    Farbar Service Scanner Version: 21-07-2014
    Ran by David (administrator) on 23-08-2014 at 02:20:14
    Running from "C:\Users\David\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  16. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Ok, I did TFC and next I'll do ESET. However, I'm now having trouble seeing where to disable my Avast protection in order to do ESET. I used to be able to "disable shields" or something by finding it in the "tray" or whatever that part of the taskbar is called, but I can't pull it up from there anymore. I'll poke around for a minute and see if I can figure out how to do it, and let you know if I can't figure it out.

    In the meantime, you didn't ask for a TFC log, but below is what it said anyway:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: David
    ->Temp folder emptied: 355584546 bytes
    ->Temporary Internet Files folder emptied: 210434272 bytes
    ->Java cache emptied: 6931004 bytes
    ->FireFox cache emptied: 393949505 bytes
    ->Google Chrome cache emptied: 514215219 bytes
    ->Flash cache emptied: 16199 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Minhee
    ->Temp folder emptied: 648711 bytes
    ->Temporary Internet Files folder emptied: 216264 bytes

    User: Public

    User: William
    ->Temp folder emptied: 433378 bytes
    ->Temporary Internet Files folder emptied: 986530 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 20506392 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 41104842 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 114406156 bytes
    Process complete!

    Total Files Cleaned = 1,583.00 mb
     
  17. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Never mind, I was able to disable Avast. (though I feel like pointing out, it's going pretty nuts with "threat detected!" alerts every minute or two...)

    Okay, now to ESET.
     
  18. losdavos

    losdavos TS Member Topic Starter Posts: 84

    More play-by-play, while ESET runs:

    Starting the ESET process, ESET did not behave exactly as your steps above describe. Maybe it's because I'm on Windows 8/8.1? It put a couple questions to me that I had to guess at (e.g., before I could click "Start," I had to choose to enable or disable its detection of some unwanted thing or other; I don't remember exactly what (didn't take a screenshot), nor do I remember whether I said to enable or disable!). Also, I had to click on an "Advanced Setting" link in order to follow your instruction to check "Scan Archive."

    Ok, it's still running; will post any log asap...
     
  19. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Ok, here's my ESET log, but FIRST: I don't believe this but I seem to have gotten reinfected while running ESET. While I was first infected, certain words (anywhere in browsers) such as "scan," "download," etc. became stupid highlighted links with little popup ads if you hovered on them. Also, pretty much any time I clicked on anything in a browser window, I'd get a full window browser popup going to some stupid ad site. That all stopped somewhere early in this thread, but now, it's back! Barf!

    Here's my ESET log:

    C:\FRST\Quarantine\C\Users\David\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats cleaned by deleting - quarantined
    C:\Users\David\Downloads\CamStudioSetup_v2.7.2.exe a variant of Win32/InstallCore.PK potentially unwanted application deleted - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Which browser is misbehaving?
    Also see if other browsers are having the same issue.
     
  21. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Ah, good question! Seems only Chrome is misbehaving. IE and FF seem okay.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Reset Chrome...
    Click on "Customize and control Google Chrome":
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click "Reset browser settings" button.
    Restart Chrome.

    If the above didn't help....

    Reinstall Chrome...
    If you want to save your bookmarks...
    How to Backup Bookmarks in Google Chrome
    • Close all Chrome windows and tabs.
    • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    • Click Programs and Features.
    • Double-click Google Chrome.
    • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install fresh copy.
     
  23. losdavos

    losdavos TS Member Topic Starter Posts: 84

    Very glad to report that just resetting Chrome seems to have worked. What's next?! Pretty happy so far.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  25. losdavos

    losdavos TS Member Topic Starter Posts: 84

    I've only gotten through the first three steps above (update Flash Player, and numbered steps one and two) and I regret to report that ads are appearing again in Chrome, and this time, they survived a browser reset. Should I follow the uninstall & reinstall Chrome instructions you posted above?

    Ashamed to say it but I also did something you didn't prescribe: while getting all Windows updates (I just said yes to everything, even the optional ones), I followed Avast's automatic suggestion that I also update three separate Java components (two 32 bit items and one 64 bit item). [Sheepishly, I say,] What should I do now? Continue with your numbered steps above in your last post?
    Thanks.
     

