Solved Windows 8.1 (w/update) PC riddled w/ adware including "finedealsofet" junk; can't run DDS

losdavos · Aug 18, 2014

Hi, and sincere thanks in advance.

My Windows 8.1 machine has one or more bad infections. Below is my first MBAM log, but every time I try to run DDS (from both links Techspot offers, and with my antivirus suspended), I keep getting a popup that says the program "is not meant to run in Compatibility Mode."

Anyway, here's my MBAM log, thanks again in advance:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/18/2014
Scan Time: 9:05:34 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.18.10
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372563
Time Elapsed: 7 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.LiveLyrics.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Delete-on-Reboot, [9e749e2a3d3e15212c5d3abb689a32ce],
PUP.Optional.LiveLyrics.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Delete-on-Reboot, [858d88403447ba7cc6c339bc669c9f61],
PUP.Optional.Superfish.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [b161fcccc2b90a2c0884f40380824cb4],
PUP.Optional.Superfish.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [ec26497fa6d574c25b311ed9fa0851af],
PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://start.toshiba.com/", "http://www.google.com/", "http://websearch.calcitapp.info/" ],), Replaced,[fd159d2b562572c4221520e635d0ff01]

Physical Sectors: 0
(No malicious items detected)

(end)

Broni · Aug 18, 2014

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

DDS won't run on Windows 8.1.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png][/url][b][url=https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html][color=#0000FF]Malwarebytes Anti-Rootkit[/color][/url][/b] to your desktop.
[LIST]
[*][b][color=#FF0000]Warning![/color][/b] [I]Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/I]
[*]Double click on downloaded file. OK self extracting prompt.
[*]MBAR will start. Click "[b]Next[/b]" to continue.
[*]Click in the following screen "[b]Update[/b]" to obtain the latest malware definitions.
[*]Once the update is complete select "[b]Next[/b]" and click "[b]Scan[/b]".
[*]When the scan is finished and no malware has been found select "[b]Exit[/b]".
[*]If malware was detected, make sure to check all the items and click "[b]Cleanup[/b]". Reboot your computer.
[*]Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
[LIST]
[*][b]"mbar-log-[I]{date} (xx-xx-xx)[/I].txt"[/b]
[*][b]"system-log.txt"[/b]
[/LIST]
[/LIST]

losdavos · Aug 18, 2014

Here's my Roguekiller log, and now I'm going to create my new restore point (and not do anything else until told to!):

RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 08/18/2014 23:25:33

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] RTFTrack.exe -- C:\Windows\RTFTrack.exe[7] -> KILLED [TermProc]
[Suspicious.Path] (SVC) ymc -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe[7] -> STOPPED

¤¤¤ Registry Entries : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe [x] -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B0E8C77-7D34-4CF9-A0BD-543A4F114C5E} | DhcpNameServer : 150.202.1.3 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-877737628-3122474596-3873684844-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMPC128HBFU-000L1 +++++
--- User ---
[MBR] bcd0f1149c190a550956e6d8f1fc3115
[BSP] f108b737926102ae2a376be190d80d96 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_08182014_232526.log

losdavos · Aug 18, 2014

Ok and now here are my mbar log, followed by system-log.txt. Note, mbar did NOT report any malware, so I have NOT rebooted; I hope that's ok:

mbar-log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.19.03

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17207
David :: YOGA2PRO-SILVER [administrator]

8/18/2014 11:34:41 PM
mbar-log-2014-08-18 (23-34-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 373009
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17207

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 4202979328, free: 1237303296

Downloaded database version: v2014.08.19.03
Downloaded database version: v2014.08.16.01
=======================================
Initializing...
------------ Kernel report ------------
08/18/2014 23:34:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\DptfDevProc.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\NETwbw02.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\DptfDevPch.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\DptfManager.sys
\SystemRoot\System32\drivers\ISCTD64.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\System32\Drivers\INETMON.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\monitor.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe00101301450
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000032\
Lower Device Object: 0xffffe000ff082130
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00101301450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001012a1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00101301450, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ff4d2040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ff082130, DeviceName: \Device\00000032\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpials.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpials.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 15E2FFF3

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1882524988
GPT Header CurrentLba = 1 BackupLba 250069679
GPT Header FirstUsableLba 34 LastUsableLba 250069646
GPT Header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1882524988
Backup GPT header CurrentLba = 250069679 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 250069646
Backup GPT header Guid 4d6ea6d3-39bd-4202-b0fd-fc9c18454e97
Backup GPT header Contains 128 partition entries starting at LBA 250069647
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 2401c6a0-e1da-4784-b77e-b52034cfb7
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 247497fe-63d2-4101-b15b-b365933ef47a
FirstLBA 2050048 Last LBA 2582527
Attributes 1
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID 485dbef6-9c0d-4489-975f-5666aae2a1e
FirstLBA 2582528 Last LBA 4630527
Attributes 1
Partition Name Basic data partition

Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2b612072-1f29-4266-ad55-7938cda2985b
FirstLBA 4630528 Last LBA 4892671
Attributes 0
Partition Name Microsoft reserved partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4c4d23a1-bd41-474d-9e74-df507f2c802f
FirstLBA 4892672 Last LBA 217206783
Attributes 0
Partition Name Basic data partition

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 7f8973bb-836d-4270-9b49-81433120c7bd
FirstLBA 217206784 Last LBA 225595391
Attributes 0
Partition Name Basic data partition

Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID cacf430a-569-4f60-8ef4-bcbfff72ea11
FirstLBA 225595392 Last LBA 250068991
Attributes 1
Partition Name Basic data partition

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Broni · Aug 19, 2014

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

losdavos · Aug 19, 2014

Okay this post contains 1 log from AdwCleaner, and 1 from JRT; Farbar logs to come in next post:

# AdwCleaner v3.307 - Report created 19/08/2014 at 00:58:40
# Updated 17/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : David - YOGA2PRO-SILVER
# Running from : C:\Users\David\Desktop\adwcleaner_3.307.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\David\AppData\Local\Temp\NetCrawl
Folder Deleted : C:\Users\David\Documents\Optimizer Pro
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\user.js
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\prefs.js ]

Line Deleted : user_pref("extensions.UZK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Deleted : user_pref("extensions.rI6860vj71m.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://websearch.calcitapp.info/

[ File : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://websearch.calcitapp.info/

*************************

AdwCleaner[R0].txt - [3408 octets] - [19/08/2014 00:57:37]
AdwCleaner[S0].txt - [3249 octets] - [19/08/2014 00:58:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3309 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by David on Tue 08/19/2014 at 1:05:19.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\re8nxqow.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/19/2014 at 1:13:04.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

losdavos · Aug 19, 2014

Actually here's only the first portion of FRST.txt; to be completed in subsequent post(s):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by David (administrator) on YOGA2PRO-SILVER on 19-08-2014 01:18:17
Running from C:\Users\David\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Google Inc.) C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Kakao Inc.) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-12-05] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-12-05] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2014-03-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-12-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-12-27] (Absolute Software)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-02] (Google Inc.)
HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [DragonAssistant] => "C:\Program Files (x86)\Nuance\Dragon Assistant\Application\DragonAssistant.exe"
HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-877737628-3122474596-3873684844-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5405384 2014-07-31] (Kakao Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {93D4594E-4443-44D0-B089-1C88D7241B42} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {93D4594E-4443-44D0-B089-1C88D7241B42} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {93D4594E-4443-44D0-B089-1C88D7241B42} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\re8nxqow.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-09]

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://start.toshiba.com/", "hxxp://www.google.com/", "hxxp://websearch.calcitapp.info/"
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Google News) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-02]
CHR Extension: (Google Tasks (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2014-03-02]
CHR Extension: (NYTimes) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-03-02]
CHR Extension: (Google Calendar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-02]
CHR Extension: (The Economist) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-03-02]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-02]
CHR Extension: (avast! Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-09]
CHR Extension: (BharatMatrimony) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgehjabcocfbddmjickonnjpjnjafcj [2014-08-06]
CHR Extension: (Lego Builder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-12-27] (Absolute Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-09] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [447888 2013-12-10] (Nuance Communications, Inc.)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2013-12-17] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-20] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-07-30] (LENOVO INCORPORATED.)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-12-05] (Lenovo)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-12-05] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-12-05] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2013-12-05] (Lenovo)
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-09] ()
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-18] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

losdavos · Aug 19, 2014

FRST.txt continued:

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 01:18 - 2014-08-19 01:18 - 00026591 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-19 01:17 - 2014-08-19 01:18 - 00000000 ____D () C:\FRST
2014-08-19 01:17 - 2014-08-19 01:17 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-08-19 01:13 - 2014-08-19 01:13 - 00000753 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-19 01:05 - 2014-08-19 01:05 - 00000000 ____D () C:\windows\ERUNT
2014-08-19 01:03 - 2014-08-19 01:03 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2014-08-19 00:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-19 00:57 - 2014-08-19 00:58 - 00000000 ____D () C:\AdwCleaner
2014-08-19 00:57 - 2014-08-19 00:57 - 01361671 _____ () C:\Users\David\Desktop\adwcleaner_3.307.exe
2014-08-18 23:34 - 2014-08-18 23:40 - 00000000 ____D () C:\Users\David\Desktop\mbar
2014-08-18 23:34 - 2014-08-18 23:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 23:33 - 2014-08-18 23:33 - 14349744 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.07.0.1012.exe
2014-08-18 23:21 - 2014-08-18 23:21 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 23:19 - 2014-08-18 23:19 - 04851288 _____ () C:\Users\David\Desktop\RogueKiller.exe
2014-08-18 21:36 - 2014-08-18 21:36 - 00002125 _____ () C:\Users\David\Desktop\mbam1.txt
2014-08-18 21:21 - 2014-08-18 21:21 - 00688992 _____ (Swearware) C:\Users\David\Desktop\dds (2).com
2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds (1).com
2014-08-18 21:19 - 2014-08-18 21:19 - 00002125 _____ () C:\mbam1.txt
2014-08-18 21:06 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 21:06 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 21:06 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 21:06 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 21:06 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 21:06 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 21:06 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 21:06 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-18 21:06 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 21:06 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 21:06 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 21:06 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 21:06 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 21:06 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 21:06 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 21:06 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 21:06 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 21:06 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 21:06 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-18 21:06 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 21:05 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-18 21:05 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-18 21:05 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 21:05 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 21:05 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 21:05 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 21:05 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:05 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 21:05 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-18 21:05 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 21:05 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 21:05 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 21:05 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-18 21:05 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 21:05 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 21:04 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-18 21:04 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-18 21:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-08-18 21:03 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\windows\system32\WpcMon.exe
2014-08-18 21:03 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-08-18 21:03 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\windows\system32\WpcWebSync.dll
2014-08-18 21:03 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-08-18 21:03 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2014-08-18 21:03 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-08-18 21:03 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-08-18 21:03 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-08-18 21:03 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-08-18 21:03 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-18 21:03 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-08-18 21:03 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-18 21:03 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-18 21:03 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-08-18 21:03 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-08-18 21:03 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-08-18 21:03 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-08-18 21:03 - 2014-05-31 06:07 - 00467800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-08-18 21:03 - 2014-05-31 06:07 - 00440664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-08-18 21:03 - 2014-05-31 06:07 - 00419672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-08-18 21:03 - 2014-05-31 06:07 - 00089944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-08-18 21:03 - 2014-05-31 06:07 - 00027480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-08-18 21:03 - 2014-05-31 02:30 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-08-18 21:03 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-08-18 21:03 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-08-18 21:03 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-08-18 21:03 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-08-18 21:03 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-08-18 21:03 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-08-18 21:03 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-08-18 21:03 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-08-18 21:03 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-18 21:03 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-08-18 21:03 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-18 21:03 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\BulkOperationHost.exe
2014-08-18 21:03 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-08-18 21:03 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-08-18 21:03 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-08-18 21:03 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-08-18 21:03 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-08-18 21:03 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-08-18 21:03 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-08-18 21:03 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-08-18 21:03 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\ncobjapi.dll
2014-08-18 21:03 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\windows\system32\framedynos.dll
2014-08-18 21:03 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\framedyn.dll
2014-08-18 21:03 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncobjapi.dll
2014-08-18 21:03 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedynos.dll
2014-08-18 21:03 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedyn.dll
2014-08-18 21:03 - 2014-05-02 19:26 - 00050745 _____ () C:\windows\system32\srms.dat
2014-08-18 21:03 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-08-18 21:03 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
2014-08-18 21:03 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-08-18 21:03 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2014-08-18 21:03 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
2014-08-18 21:03 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-08-18 21:03 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-08-18 21:03 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-08-18 21:03 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
2014-08-18 21:03 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-08-18 21:03 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
2014-08-18 21:03 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-08-18 21:03 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-08-18 21:03 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
2014-08-18 21:03 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-08-18 21:03 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-08-18 21:03 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
2014-08-18 21:03 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2014-08-18 21:03 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2014-08-18 21:03 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-08-18 21:03 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-08-18 21:03 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2014-08-18 21:03 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\windows\system32\d3d9.dll
2014-08-18 21:03 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d9.dll
2014-08-18 21:03 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d8thk.dll
2014-08-18 21:03 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-08-18 21:03 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-08-18 21:01 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-18 21:01 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-18 21:01 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-18 21:01 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-18 21:01 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-18 21:01 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-18 21:01 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-18 20:59 - 2014-08-18 20:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:59 - 2014-08-18 20:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 13:27 - 2014-08-09 13:27 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com
2014-08-09 13:26 - 2014-08-09 13:26 - 04813544 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup416.exe
2014-08-09 13:24 - 2014-08-09 13:24 - 00368256 _____ (RegNow.com) C:\Users\David\Downloads\Download_MaxSDDMnew.exe
2014-08-09 10:11 - 2014-08-09 10:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-08-09 10:10 - 2014-08-18 21:17 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-08-09 10:10 - 2014-08-09 10:10 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-08-09 10:10 - 2014-08-09 10:10 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-09 10:10 - 2014-08-09 10:10 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 10:09 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 09:57 - 2014-08-09 10:06 - 91906368 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-08-09 09:22 - 2014-08-18 23:34 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 09:22 - 2014-08-18 23:34 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-09 09:22 - 2014-08-09 09:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-09 09:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-09 09:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-09 09:21 - 2014-08-09 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 20:05 - 2014-08-09 09:31 - 00000000 ____D () C:\ProgramData\FineDeaLSooft
2014-08-05 20:10 - 2014-08-05 20:10 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-08-05 20:10 - 2014-08-05 20:10 - 00000000 ____D () C:\Program Files\Java
2014-08-05 20:09 - 2014-08-05 20:09 - 31013800 _____ (Oracle Corporation) C:\Users\David\Downloads\jre-7u67-windows-x64.exe
2014-08-04 08:39 - 2014-08-08 08:43 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
2014-07-30 18:53 - 2014-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 07:31 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Local\Adobe
2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\Nitro
2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\FileOpen
2014-07-27 07:24 - 2014-07-30 11:55 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1004
2014-07-27 07:20 - 2014-07-27 07:20 - 00000000 ____D () C:\Users\William\AppData\Roaming\Intel Corporation
2014-07-27 07:19 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Roaming\Adobe
2014-07-27 07:19 - 2014-07-27 07:19 - 00001453 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-27 07:19 - 2014-07-27 07:19 - 00000020 ___SH () C:\Users\William\ntuser.ini
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\VirtualStore
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Packages
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Google
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William
2014-07-27 07:19 - 2014-07-14 08:49 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 07:19 - 2014-05-17 16:24 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-27 07:19 - 2014-03-02 04:12 - 00002123 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-07-27 07:19 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-27 07:19 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-27 07:19 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-27 07:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-24 18:15 - 2014-07-24 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2014-07-24 18:15 - 2014-07-24 18:15 - 00001024 _____ () C:\Users\Public\Desktop\Sibelius 7 First.lnk
2014-07-24 18:15 - 2014-07-24 18:15 - 00000000 ____D () C:\Users\David\Documents\Scores
2014-07-24 18:14 - 2014-07-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Avid
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Public\Documents\Sibelius First Example Scores
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\Avid
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\ProgramData\Avid
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files\Avid
2014-07-24 18:09 - 2014-07-24 18:13 - 277092216 _____ (Avid ) C:\Users\David\Downloads\SibeliusFirst713b78.exe
2014-07-22 20:37 - 2014-08-09 09:31 - 00000000 ____D () C:\ProgramData\toopbuyer
2014-07-22 20:37 - 2014-08-06 20:05 - 00000000 ____D () C:\ProgramData\8b62050778c65706

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 01:18 - 2014-08-19 01:18 - 00026591 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-19 01:18 - 2014-08-19 01:17 - 00000000 ____D () C:\FRST
2014-08-19 01:17 - 2014-08-19 01:17 - 02101760 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2014-08-19 01:16 - 2014-03-02 02:40 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{FFC35960-518E-4C92-8FFD-0731F1F5D7F6}
2014-08-19 01:13 - 2014-08-19 01:13 - 00000753 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-19 01:12 - 2013-12-05 07:40 - 02089820 _____ () C:\windows\WindowsUpdate.log
2014-08-19 01:05 - 2014-08-19 01:05 - 00000000 ____D () C:\windows\ERUNT
2014-08-19 01:05 - 2014-03-02 01:29 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1001
2014-08-19 01:04 - 2013-08-28 04:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-19 01:03 - 2014-08-19 01:03 - 01016261 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2014-08-19 01:03 - 2013-12-05 07:55 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-08-19 01:00 - 2014-03-02 03:25 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 01:00 - 2014-03-02 03:24 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 01:00 - 2014-03-02 01:25 - 00000000 __RDO () C:\Users\David\SkyDrive
2014-08-19 01:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
2014-08-19 00:59 - 2013-12-05 07:54 - 00006656 _____ () C:\windows\system32\VfService.trf
2014-08-19 00:59 - 2013-12-05 07:34 - 00013895 _____ () C:\windows\setupact.log
2014-08-19 00:59 - 2013-08-28 04:34 - 00020472 _____ () C:\windows\PFRO.log
2014-08-19 00:59 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-19 00:59 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-19 00:59 - 2013-08-22 09:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-08-19 00:58 - 2014-08-19 00:57 - 00000000 ____D () C:\AdwCleaner
2014-08-19 00:57 - 2014-08-19 00:57 - 01361671 _____ () C:\Users\David\Desktop\adwcleaner_3.307.exe
2014-08-19 00:39 - 2014-04-02 20:29 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job
2014-08-19 00:30 - 2014-03-29 09:15 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c.job
2014-08-19 00:30 - 2014-03-29 09:15 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd.job
2014-08-19 00:28 - 2014-06-22 10:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 00:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\rescache
2014-08-18 23:49 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
2014-08-18 23:40 - 2014-08-18 23:34 - 00000000 ____D () C:\Users\David\Desktop\mbar
2014-08-18 23:40 - 2014-08-18 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 23:34 - 2014-08-09 09:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 23:34 - 2014-08-09 09:22 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-18 23:33 - 2014-08-18 23:33 - 14349744 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.07.0.1012.exe
2014-08-18 23:21 - 2014-08-18 23:21 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 23:19 - 2014-08-18 23:19 - 04851288 _____ () C:\Users\David\Desktop\RogueKiller.exe
2014-08-18 21:40 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
2014-08-18 21:36 - 2014-08-18 21:36 - 00002125 _____ () C:\Users\David\Desktop\mbam1.txt
2014-08-18 21:32 - 2014-03-02 11:56 - 00000000 ____D () C:\windows\system32\MRT
2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ___RD () C:\windows\ToastData
2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\MediaViewer
2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\FileManager
2014-08-18 21:32 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\Camera
2014-08-18 21:30 - 2014-03-02 11:55 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-18 21:21 - 2014-08-18 21:21 - 00688992 _____ (Swearware) C:\Users\David\Desktop\dds (2).com
2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
2014-08-18 21:20 - 2014-08-18 21:20 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds (1).com
2014-08-18 21:19 - 2014-08-18 21:19 - 00002125 _____ () C:\mbam1.txt
2014-08-18 21:17 - 2014-08-09 10:10 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-08-18 21:01 - 2014-07-10 02:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 21:01 - 2014-07-10 02:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 21:01 - 2014-06-30 22:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 21:01 - 2014-06-30 22:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 21:01 - 2014-05-04 01:30 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 21:01 - 2014-05-04 01:29 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 21:01 - 2014-05-04 01:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 21:01 - 2014-05-04 01:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 21:01 - 2014-05-04 01:24 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 21:01 - 2014-05-04 01:24 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:01 - 2014-03-02 11:49 - 00233912 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-08-18 21:00 - 2014-06-18 08:06 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-08-18 20:59 - 2014-08-18 20:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-18 20:59 - 2014-08-18 20:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:59 - 2014-08-18 20:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 13:27 - 2014-08-09 13:27 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.com
2014-08-09 13:26 - 2014-08-09 13:26 - 04813544 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup416.exe
2014-08-09 13:24 - 2014-08-09 13:24 - 00368256 _____ (RegNow.com) C:\Users\David\Downloads\Download_MaxSDDMnew.exe
2014-08-09 10:11 - 2014-08-09 10:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-08-09 10:10 - 2014-08-09 10:10 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-08-09 10:10 - 2014-08-09 10:10 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-09 10:10 - 2014-08-09 10:10 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-08-09 10:10 - 2014-08-09 10:10 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-09 10:10 - 2014-08-09 10:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-09 10:06 - 2014-08-09 09:57 - 91906368 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-08-09 09:31 - 2014-08-06 20:05 - 00000000 ____D () C:\ProgramData\FineDeaLSooft
2014-08-09 09:31 - 2014-07-22 20:37 - 00000000 ____D () C:\ProgramData\toopbuyer
2014-08-09 09:31 - 2014-05-05 21:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-09 09:31 - 2014-05-05 21:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-09 09:31 - 2014-03-08 00:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-09 09:31 - 2013-08-22 10:44 - 00568536 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-09 09:22 - 2014-08-09 09:22 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 09:22 - 2014-08-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-09 09:21 - 2014-08-09 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 08:45 - 2014-03-02 04:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-08 08:43 - 2014-08-04 08:39 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
2014-08-08 08:43 - 2013-12-05 07:50 - 00000000 ____D () C:\ProgramData\Lenovo
2014-08-08 08:42 - 2013-12-05 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-08 08:42 - 2013-12-05 07:50 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-06 20:05 - 2014-07-22 20:37 - 00000000 ____D () C:\ProgramData\8b62050778c65706
2014-08-05 20:10 - 2014-08-05 20:10 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-08-05 20:10 - 2014-08-05 20:10 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-08-05 20:10 - 2014-08-05 20:10 - 00000000 ____D () C:\Program Files\Java
2014-08-05 20:09 - 2014-08-05 20:09 - 31013800 _____ (Oracle Corporation) C:\Users\David\Downloads\jre-7u67-windows-x64.exe
2014-08-01 23:11 - 2014-08-18 21:03 - 00918528 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-08-01 20:17 - 2013-08-22 11:38 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:17 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 07:39 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\NDF
2014-07-30 18:53 - 2014-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 11:55 - 2014-07-27 07:24 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-877737628-3122474596-3873684844-1004
2014-07-27 07:31 - 2014-07-27 07:31 - 00000000 ____D () C:\Users\William\AppData\Local\Adobe
2014-07-27 07:31 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Roaming\Adobe
2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\Nitro
2014-07-27 07:30 - 2014-07-27 07:30 - 00000000 ____D () C:\Users\William\AppData\Roaming\FileOpen
2014-07-27 07:20 - 2014-07-27 07:20 - 00000000 ____D () C:\Users\William\AppData\Roaming\Intel Corporation
2014-07-27 07:19 - 2014-07-27 07:19 - 00001453 _____ () C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-27 07:19 - 2014-07-27 07:19 - 00000020 ___SH () C:\Users\William\ntuser.ini
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\VirtualStore
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Packages
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William\AppData\Local\Google
2014-07-27 07:19 - 2014-07-27 07:19 - 00000000 ____D () C:\Users\William
2014-07-25 10:52 - 2014-08-18 21:05 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 09:51 - 2014-08-18 21:05 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 09:28 - 2014-08-18 21:05 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 09:25 - 2014-08-18 21:06 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-18 21:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 08:59 - 2014-08-18 21:06 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 08:40 - 2014-08-18 21:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-18 21:05 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 08:30 - 2014-08-18 21:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-18 21:06 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-18 21:05 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-18 21:06 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 08:17 - 2014-08-18 21:06 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 08:10 - 2014-08-18 21:06 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 08:08 - 2014-08-18 21:05 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-18 21:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-18 21:06 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-18 21:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-18 21:05 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-25 07:43 - 2014-08-18 21:05 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-18 21:05 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-18 21:06 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 07:34 - 2014-08-18 21:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-18 21:06 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-18 21:06 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-18 21:06 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 07:09 - 2014-08-18 21:05 - 00291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-25 07:07 - 2014-08-18 21:06 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 07:03 - 2014-08-18 21:06 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-18 21:05 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-18 21:06 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-18 21:06 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-18 21:06 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-18 21:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-18 21:06 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 18:23 - 2014-07-24 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2014-07-24 18:23 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files (x86)\Avid
2014-07-24 18:23 - 2014-03-14 01:42 - 00000000 ____D () C:\Users\David\AppData\Local\Downloaded Installations
2014-07-24 18:15 - 2014-07-24 18:15 - 00001024 _____ () C:\Users\Public\Desktop\Sibelius 7 First.lnk
2014-07-24 18:15 - 2014-07-24 18:15 - 00000000 ____D () C:\Users\David\Documents\Scores
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Public\Documents\Sibelius First Example Scores
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\Avid
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\ProgramData\Avid
2014-07-24 18:14 - 2014-07-24 18:14 - 00000000 ____D () C:\Program Files\Avid
2014-07-24 18:13 - 2014-07-24 18:09 - 277092216 _____ (Avid ) C:\Users\David\Downloads\SibeliusFirst713b78.exe
2014-07-24 08:42 - 2014-05-05 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 13:27 - 2014-03-02 18:28 - 00445440 ___SH () C:\Users\David\Downloads\Thumbs.db

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe
C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe
C:\Users\David\AppData\Local\Temp\DARestart.exe
C:\Users\David\AppData\Local\Temp\DeescalateStart.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\David\AppData\Local\Temp\optprosetup.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 23:49

==================== End Of Log ============================

losdavos · Aug 19, 2014

And now here's Farbar's "Additional.txt:"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by David at 2014-08-19 01:18:50
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.21 - Absolute Software)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avid License Control (HKLM-x32\...\{F187D064-F101-4E95-8D05-4027809AA0F8}) (Version: 3.0.0 - Avid Technology, Inc.)
Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.28.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.0.229 - Nuance Communications Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.229 - Nuance Communications Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.49 - Lenovo)
Energy Manager (x32 Version: 1.0.1.49 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.05.3000.0595 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.0.661 - Kakao)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.26.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
Nuance Speech Component DA-C version 1.1.19 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.19 - Nuance Communications, Inc.)
Nuance Speech Component DA-L en-US version 1.1.5 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Sibelius 7 First 7.1.3.78 (HKLM\...\0d849438-e498-4416-ace4-fa9880d0efaa_is1) (Version: 7.1.3.78 - Avid)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for Microsoft en-us Dictionary (Version: 16.1.810.1 - Microsoft Corporation) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-877737628-3122474596-3873684844-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

06-08-2014 00:09:50 Installed Java 7 Update 67 (64-bit)
09-08-2014 14:10:00 avast! antivirus system restore point
19-08-2014 01:28:58 Windows Update
19-08-2014 03:31:48 being walked through malware removal by techspot's Broni

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01449005-E712-412A-A244-7F970AF191C1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {033A02C1-014C-4202-8103-86D2A6718B6B} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-12-05] (Lenovo)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CAF99AA-B2A6-4F8F-A04A-BC0A0D926907} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2B69BE04-56C3-483D-A58D-AB2D882567EB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36B88534-E6BB-4510-8E36-F460BE77029E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {44D500C5-DFD3-41B3-8DC3-4F0EB79A5A4C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {481D4110-24D1-426E-8698-120875BC9BC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {56F8B195-0246-4CD2-B522-5F5EA97D62C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {587918CC-4636-44D0-9F03-C75A846F728A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {63D0C4EA-1960-44FF-893A-0DDA383F748A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {68C5033E-5B62-4262-81DD-87E9C21A1A35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-08-18] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {814FEC4E-D946-4355-B799-B82A669B9AB1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {84469426-D356-4D04-8CD0-83177EB592EC} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {846C82DA-07B2-4723-8CE4-4E8A5234FCBF} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {906A7AC7-C22D-4BBC-ADD0-2BF8CF767E40} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-07-30] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF3DBCB8-9B8E-4551-8359-F95BD7725B79} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {C90B3147-8656-46A3-848A-028BB706EAE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {CF664A07-92B2-4585-9459-3244E474931C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1D6763C-B152-46CB-9F38-8E32572D2348} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-09] (AVAST Software)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC996903-9A05-4F5E-A65C-6652A54336EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC1563FD-AFC1-491E-8712-2821E13FC395} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4ed3c47e6597.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001Core1cf4b515ce15dd.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877737628-3122474596-3873684844-1001UA1cf4b515eb616c.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 21:58 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-01 21:31 - 2013-08-01 21:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 21:31 - 2013-08-01 21:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 21:31 - 2013-08-01 21:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-12-05 07:53 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-12-05 07:54 - 2013-12-05 07:54 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-05 07:54 - 2013-12-05 07:54 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2013-12-05 07:53 - 2013-12-05 07:53 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2013-12-05 07:50 - 2013-07-31 19:32 - 00034288 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.Utils.dll
2014-07-11 03:28 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2014-08-09 10:10 - 2014-08-09 10:10 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-18 21:17 - 2014-08-18 21:17 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081800\algo.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-03-14 01:12 - 2013-12-10 13:52 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2013-12-05 07:53 - 2013-12-05 07:53 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-05-22 00:42 - 2014-05-22 00:42 - 00045056 _____ () C:\Program Files (x86)\Kakao\KakaoTalk\LiteUnzip.dll
2014-08-09 10:10 - 2014-08-09 10:10 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-05 07:36 - 2013-08-08 16:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-17 18:36 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 18:36 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 18:36 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 18:36 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 18:36 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-07 07:30:43.417
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:43.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:13.167
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:13.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:12.919
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:12.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:12.692
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:30:12.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:24:52.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-07 07:24:52.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 50%
Total physical RAM: 4008.27 MB
Available physical RAM: 1976.12 MB
Total Pagefile: 9896.27 MB
Available Pagefile: 7637.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:101.24 GB) (Free:52.28 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 15E2FFF3)

Partition: GPT Partition Type.

==================== End Of Log ============================

Broni · Aug 19, 2014

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

losdavos · Aug 21, 2014

Thanks. Here's the log you last asked for:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by David at 2014-08-21 13:09:01 Run:1
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {93D4594E-4443-44D0-B089-1C88D7241B42} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]
C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe
C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe
C:\Users\David\AppData\Local\Temp\DARestart.exe
C:\Users\David\AppData\Local\Temp\DeescalateStart.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe
C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\David\AppData\Local\Temp\optprosetup.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\David\SkyDrive:ms-properties
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93D4594E-4443-44D0-B089-1C88D7241B42}" => Key deleted successfully.
"HKCR\CLSID\{93D4594E-4443-44D0-B089-1C88D7241B42}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EvtEng => Service deleted successfully.
McAPExe => Service deleted successfully.
MyWiFiDHCPDNS => Service deleted successfully.
RegSrvc => Service deleted successfully.
C:\Users\David\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.17.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\DAAppShutdown.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\DARestart.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\DeescalateStart.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Dragon Assistant 1.5 to 3 Lenovo OEM 3.0.229 Upgrade.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.17.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Dragon Assistant Core 1.1.19.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\David\SkyDrive => ":ms-properties" ADS removed successfully.

==== End of Fixlog ====

Broni · Aug 21, 2014

Good

How is computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Click on "Run ESET Online Scanner" button.
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

losdavos · Aug 22, 2014

Hi Broni,
I only got as far as Security Check, which seems not to work on this machine (I think). It only runs for an instant and then Checkup.txt appears and just says this:
"UNSUPPORTED OPERATING SYSTEM! ABORTED!"
Should I proceed with Farbar and TFC? Thanks.

Broni · Aug 23, 2014

Go ahead with other steps.

losdavos · Aug 23, 2014

Here's FSS; I'm about to proceed on the next steps too:

Farbar Service Scanner Version: 21-07-2014
Ran by David (administrator) on 23-08-2014 at 02:20:14
Running from "C:\Users\David\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

losdavos · Aug 23, 2014

Ok, I did TFC and next I'll do ESET. However, I'm now having trouble seeing where to disable my Avast protection in order to do ESET. I used to be able to "disable shields" or something by finding it in the "tray" or whatever that part of the taskbar is called, but I can't pull it up from there anymore. I'll poke around for a minute and see if I can figure out how to do it, and let you know if I can't figure it out.

In the meantime, you didn't ask for a TFC log, but below is what it said anyway:

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: All Users

User: David
->Temp folder emptied: 355584546 bytes
->Temporary Internet Files folder emptied: 210434272 bytes
->Java cache emptied: 6931004 bytes
->FireFox cache emptied: 393949505 bytes
->Google Chrome cache emptied: 514215219 bytes
->Flash cache emptied: 16199 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Minhee
->Temp folder emptied: 648711 bytes
->Temporary Internet Files folder emptied: 216264 bytes

User: Public

User: William
->Temp folder emptied: 433378 bytes
->Temporary Internet Files folder emptied: 986530 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 20506392 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41104842 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 114406156 bytes
Process complete!

Total Files Cleaned = 1,583.00 mb

losdavos · Aug 23, 2014

Never mind, I was able to disable Avast. (though I feel like pointing out, it's going pretty nuts with "threat detected!" alerts every minute or two...)

Okay, now to ESET.

losdavos · Aug 23, 2014

More play-by-play, while ESET runs:

Starting the ESET process, ESET did not behave exactly as your steps above describe. Maybe it's because I'm on Windows 8/8.1? It put a couple questions to me that I had to guess at (e.g., before I could click "Start," I had to choose to enable or disable its detection of some unwanted thing or other (I don't remember exactly what (didn't take a screenshot) nor do I remember whether I said to enable or disable!). Also, I had to click on an "Advanced Setting" link in order to follow your instruction to check "Scan Archive."

Ok, it's still running; will post any log asap...

losdavos · Aug 23, 2014

Ok, here's my ESET log, but FIRST: I don't believe this but I seem to have gotten reinfected while running ESET. While I was first infected, certain words (anywhere in browsers) such as "scan," "download," etc. became stupid highlighted links with little popup ads if you hovered on them. Also, pretty much any time I clicked on anything in a browser window, I'd get a full window browser popup going to some stupid ad site. That all stopped somewhere early in this thread, but now, it's back! Barf!

Here's my ESET log:

C:\FRST\Quarantine\C\Users\David\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats cleaned by deleting - quarantined
C:\Users\David\Downloads\CamStudioSetup_v2.7.2.exe a variant of Win32/InstallCore.PK potentially unwanted application deleted - quarantined

Broni · Aug 23, 2014

Which browser is misbehaving?
Also see if other browsers are having same issue.

losdavos · Aug 23, 2014

Ah, good question! Seems only Chrome is misbehaving. IE and FF seem okay.

Broni · Aug 24, 2014

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

losdavos · Aug 24, 2014

Very glad to report that just resetting Chrome seems to have worked. What's next?! Pretty happy so far.

Broni · Aug 24, 2014

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

=====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

losdavos · Aug 25, 2014

I've only gotten through the first three steps above (update Flash Player, and numbered steps one and two) and I regret to report that ads are appearing again in Chrome, and this time, they survived a browser reset. Should I follow the uninstall & reinstall Chrome instructions you posted above?

Ashamed to say it but I also did something you didn't prescribe: while getting all Windows updates (I just said yes to everything, even the optional ones), I followed Avast's automatic suggestion that I also update three separate Java components (two 32 bit items and one 64 bit item). [Sheepishly, I say,] What should I do now? Continue with your numbered steps above in your last post?
Thanks.

Solved Windows 8.1 (w/update) PC riddled w/ adware including "finedealsofet" junk; can't run DDS

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Attachments

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Posts: 56,041 +516

Posts: 128 +0

Similar threads