I think I've got a deep rootkit and I don't know how to find it [Cl

rootkit malware gmer

  • This topic is locked

#1
Karmafish

  • Member
  • 19 posts

I'm on a Lenovo Yoga 2 13" with Windows 8.1.

Here is the backstory. I heard about the deep web on the news and decided to get Tor and look around. Bad idea. I stumbled onto a link that basically said my laptop is now 100% rootkit. I've been going crazy wondering where it is hiding and I SERIOUSLY need some peace of mind. I made some logs with GMER to post and I have been good about scanning with Malwarebytes and others. The problem is I can't find anything! I'm not very skilled so that could be it, but I feel as though I might need to wipe my entire laptop just to get peace of mind. I can't deal with the fact that there could be something lurking in my PC. I'm willing to go through all the steps to get this over with and I will seriously want to go through every measure. I love my laptop and I can barely use it without thinking someone is logging everything I type or something else. Please help.



#2
Karmafish

  • Topic Starter
  • Member
  • 19 posts

Symptoms include:

  • Mouse lag.
  • Task manager asking for user account control when it never has before.
  • Random pop-ups on start up that appear and disappear in the blink of an eye (also never happened before).
  • BSOD on random occasions.
  • Sometimes the audio of the computer stops chiming as if it's on mute. Can only be fixed by restart.

Computer is very new and also quite empty. I haven't installed more than a few programs and barely have any files.


Edited by Karmafish, 03 September 2014 - 03:02 PM.

#3
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Greetings Karmafish and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
  • Malware removal can be a long process and will at times get complicated, with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.
  • Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed, as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided, as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps, to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely, so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply. DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

First...

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered. If you know which version is the one you need, download that one; if not, download both. Only one will work on your computer, and that is the one you need.

  • Right click the FRST icon to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked:
      • Drivers MD5
      • Addition.txt
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • This will also generate another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Next...

aswMBR Scan

Download aswMBR.exe (511KB) to your desktop. If you already have this application, this is a new version I need you to download.

  • Double click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database, allow that as well.
  • On completion of the scan click Save Log, save it to your desktop and post it in your next reply.

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file until we have completed.

Items I need to see in your next post:

  • FRST log
  • aswMBR log
#4
Karmafish

  • Topic Starter
  • Member
  • 19 posts

I will do just that!

Thank you so much for helping me!


#5
Karmafish

  • Topic Starter
  • Member
  • 19 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by yousuf (administrator) on BENTOBOX on 07-09-2014 10:45:27
Running from C:\Users\yousuf\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
( ) C:\Windows\System32\lxeacoms.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Pokki) C:\Users\yousuf\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pokki) C:\Users\yousuf\AppData\Local\Pokki\Engine\pokki.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Pokki) C:\Users\yousuf\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13664984 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-04] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-04] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-03-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-04] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119824 2013-12-02] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [765048 2014-09-02] (Webroot)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Run: [Pokki] => C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\MountPoints2: {36060c7d-d7a2-11e3-8256-7c7a915f9f0a} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 0x94F001A5756CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {431ABDFE-53FD-4F31-AC73-328A4A21DDA9} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {431ABDFE-53FD-4F31-AC73-328A4A21DDA9} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {431ABDFE-53FD-4F31-AC73-328A4A21DDA9} URL = http://www.bing.com/...=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {431ABDFE-53FD-4F31-AC73-328A4A21DDA9} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.128.128.128

FireFox:
========
FF ProfilePath: C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\yousuf\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF SearchPlugin: C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\searchplugins\bing-avast.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-08-10]
FF Extension: Pocket - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-08-10]
FF Extension: Ghostery - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-19]
FF Extension: Self-Destructing Cookies - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-27]
FF Extension: QR Code Image Generator - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-30]
FF Extension: Facebook Ads Block - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-19]
FF Extension: Google™ Translator - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-28]
FF Extension: Mark Ads Sites In Search - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-19]
FF Extension: Strict Pop-up Blocker - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-19]
FF Extension: Turn Off the Lights - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected] [2014-06-30]
FF Extension: Stylish - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-06-30]
FF Extension: StumbleUpon - C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-06-15]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-04] (Lenovo)
R2 lxea_device; C:\windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-11-04] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-03-04] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-03-04] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-03-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [765048 2014-09-02] (Webroot)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-03-04] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2013-11-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-09] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-09-02] (Webroot)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U0 SR; No ImagePath
U2 srservice; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 10:43 - 2014-09-07 10:45 - 00053532 _____ () C:\Users\yousuf\Desktop\FRST.txt
2014-09-07 10:43 - 2014-09-07 10:43 - 00000000 ____D () C:\Users\yousuf\Desktop\FRST-OlderVersion
2014-09-07 10:22 - 2014-09-07 10:22 - 00028490 _____ () C:\Users\yousuf\Downloads\Addition.txt
2014-09-07 10:20 - 2014-09-07 10:22 - 00081561 _____ () C:\Users\yousuf\Downloads\FRST.txt
2014-09-07 10:19 - 2014-09-07 10:45 - 00000000 ____D () C:\FRST
2014-09-03 14:05 - 2014-09-03 14:05 - 00062306 _____ () C:\Users\yousuf\Downloads\Extras.Txt
2014-09-03 14:04 - 2014-09-03 14:11 - 00142052 _____ () C:\Users\yousuf\Downloads\OTL.Txt
2014-09-03 13:51 - 2014-09-03 13:51 - 00602112 _____ (OldTimer Tools) C:\Users\yousuf\Downloads\OTL.exe
2014-09-03 03:03 - 2014-09-03 03:03 - 00404984 _____ () C:\windows\Minidump\090314-24718-01.dmp
2014-09-03 02:56 - 2014-09-03 02:56 - 00000000 ____D () C:\New Folder
2014-09-03 02:32 - 2014-09-07 10:43 - 02105344 _____ (Farbar) C:\Users\yousuf\Desktop\FRST64.exe
2014-09-03 02:32 - 2014-09-03 02:32 - 00401920 _____ (Farbar) C:\Users\yousuf\Downloads\MiniToolBox.exe
2014-09-03 02:11 - 2014-09-03 02:12 - 05185536 _____ (AVAST Software) C:\Users\yousuf\Downloads\aswmbr.exe
2014-09-03 02:01 - 2014-09-03 02:01 - 00000512 _____ () C:\Users\yousuf\Desktop\MBR.dat
2014-09-03 01:36 - 2014-09-03 01:36 - 00012154 _____ () C:\Users\yousuf\Desktop\CnD scan.log
2014-09-03 01:28 - 2014-09-03 01:28 - 00011905 _____ () C:\Users\yousuf\Desktop\log.log
2014-09-03 01:15 - 2014-09-03 01:15 - 00380416 _____ () C:\Users\yousuf\Downloads\nmq9ifpl.exe
2014-09-03 01:11 - 2014-08-01 20:11 - 00918528 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-09-03 00:56 - 2014-09-03 03:03 - 673615849 _____ () C:\windows\MEMORY.DMP
2014-09-03 00:56 - 2014-09-03 03:03 - 00000000 ____D () C:\windows\Minidump
2014-09-03 00:56 - 2014-09-03 00:56 - 00286176 _____ () C:\windows\Minidump\090314-20296-01.dmp
2014-09-03 00:38 - 2014-09-03 00:38 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-03 00:38 - 2014-09-03 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 00:38 - 2014-09-03 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 23:22 - 2014-05-13 00:01 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\BulkOperationHost.exe
2014-09-02 23:22 - 2014-05-12 22:07 - 02844160 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-02 23:22 - 2014-05-12 21:41 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-09-02 23:22 - 2014-05-12 21:26 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-09-02 23:22 - 2014-05-12 20:59 - 01035264 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-02 23:22 - 2014-05-12 20:31 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-09-02 23:22 - 2014-05-03 04:29 - 01726224 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-09-02 23:22 - 2014-05-03 02:20 - 01473080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-09-02 23:22 - 2014-05-02 22:36 - 00997888 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-09-02 23:22 - 2014-05-02 22:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\ncobjapi.dll
2014-09-02 23:22 - 2014-05-02 22:08 - 00301056 _____ (Microsoft Corporation) C:\windows\system32\framedynos.dll
2014-09-02 23:22 - 2014-05-02 22:07 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\framedyn.dll
2014-09-02 23:22 - 2014-05-02 21:46 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncobjapi.dll
2014-09-02 23:22 - 2014-05-02 21:37 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedynos.dll
2014-09-02 23:22 - 2014-05-02 21:37 - 00207360 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedyn.dll
2014-09-02 23:22 - 2014-05-02 16:26 - 00050745 _____ () C:\windows\system32\srms.dat
2014-09-02 23:22 - 2014-04-30 22:44 - 01025536 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-09-02 23:22 - 2014-04-29 23:43 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
2014-09-02 23:22 - 2014-04-29 23:41 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-09-02 23:22 - 2014-04-29 23:41 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2014-09-02 23:22 - 2014-04-29 23:41 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
2014-09-02 23:22 - 2014-04-29 22:45 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-09-02 23:22 - 2014-04-29 21:48 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-09-02 23:22 - 2014-04-29 21:24 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-09-02 23:22 - 2014-04-29 21:23 - 00353280 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
2014-09-02 23:22 - 2014-04-29 21:23 - 00271872 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-09-02 23:22 - 2014-04-29 21:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
2014-09-02 23:22 - 2014-04-29 21:14 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-09-02 23:22 - 2014-04-29 20:59 - 01063424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-09-02 23:22 - 2014-04-29 20:46 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
2014-09-02 23:22 - 2014-04-29 20:46 - 00229888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-09-02 23:22 - 2014-04-29 20:46 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-09-02 23:22 - 2014-04-29 20:45 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
2014-09-02 23:22 - 2014-04-29 20:42 - 00403968 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2014-09-02 23:22 - 2014-04-28 15:40 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2014-09-02 23:22 - 2014-04-26 15:03 - 02140888 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-02 23:22 - 2014-04-26 13:14 - 02144984 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-02 23:22 - 2014-04-26 09:39 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2014-09-02 23:22 - 2014-04-14 02:37 - 02125344 _____ (Microsoft Corporation) C:\windows\system32\d3d9.dll
2014-09-02 23:22 - 2014-04-14 01:08 - 01797896 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d9.dll
2014-09-02 23:22 - 2014-04-13 22:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d8thk.dll
2014-09-02 23:22 - 2014-04-08 23:11 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-02 23:22 - 2014-04-08 22:20 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-02 23:19 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-09-02 23:19 - 2014-08-06 19:12 - 01336624 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-02 23:19 - 2014-08-01 20:56 - 01064448 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-02 23:19 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-02 23:19 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-02 23:19 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-02 23:19 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-02 23:19 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-02 23:19 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-02 23:19 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-02 23:19 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-02 23:19 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-02 23:19 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-02 23:19 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-02 23:19 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-02 23:19 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-02 23:19 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-02 23:19 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-02 23:19 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-02 23:19 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-02 23:19 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-02 23:19 - 2014-07-25 04:43 - 00333312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-02 23:19 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-02 23:19 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-02 23:19 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-02 23:19 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-02 23:19 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-02 23:19 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-02 23:19 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-02 23:19 - 2014-07-25 04:09 - 00291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-02 23:19 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-02 23:19 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-02 23:19 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-02 23:19 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-02 23:19 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-02 23:19 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-02 23:19 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-02 23:19 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-02 23:17 - 2014-07-09 21:16 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-09-02 23:17 - 2014-07-09 21:03 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-09-02 23:17 - 2014-07-09 20:33 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-09-02 23:17 - 2014-06-09 15:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-09-02 23:17 - 2014-06-09 15:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-09-02 23:15 - 2014-09-02 23:20 - 00007425 _____ () C:\Users\yousuf\rufus_20140902_231510.log
2014-09-02 23:15 - 2014-07-15 11:16 - 03048880 _____ (Microsoft Corporation) C:\windows\system32\WpcMon.exe
2014-09-02 23:15 - 2014-07-15 01:29 - 03118080 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-09-02 23:15 - 2014-07-15 01:22 - 02861056 _____ (Microsoft Corporation) C:\windows\system32\WpcWebSync.dll
2014-09-02 23:15 - 2014-07-15 01:03 - 02344448 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-09-02 23:15 - 2014-07-11 21:17 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2014-09-02 23:15 - 2014-06-19 18:48 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-09-02 23:15 - 2014-06-19 16:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-09-02 23:15 - 2014-06-12 18:15 - 00517528 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-09-02 23:15 - 2014-06-12 18:14 - 01557848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-09-02 23:15 - 2014-06-12 17:10 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-09-02 23:15 - 2014-06-06 04:34 - 02133504 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-09-02 23:15 - 2014-06-04 02:27 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-09-02 23:15 - 2014-06-03 22:31 - 00356352 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-09-02 23:15 - 2014-06-03 22:22 - 02790912 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-09-02 23:15 - 2014-06-03 21:43 - 00281088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-09-02 23:15 - 2014-06-03 21:38 - 03304448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-09-02 23:15 - 2014-06-03 19:15 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-02 23:15 - 2014-06-03 19:14 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-02 23:15 - 2014-05-30 23:27 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-02 23:14 - 2014-06-05 07:13 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-02 23:14 - 2014-06-05 06:14 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-02 23:14 - 2014-06-01 19:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-09-02 23:14 - 2014-05-31 03:07 - 00467800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-02 23:14 - 2014-05-31 03:07 - 00440664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-09-02 23:14 - 2014-05-31 03:07 - 00419672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-02 23:14 - 2014-05-31 03:07 - 00089944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-09-02 23:14 - 2014-05-31 03:07 - 00027480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-09-02 23:14 - 2014-05-30 23:30 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-09-02 23:14 - 2014-05-30 23:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-09-02 23:14 - 2014-05-30 23:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-09-02 23:14 - 2014-05-30 21:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-09-02 23:14 - 2014-05-30 21:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-09-02 23:14 - 2014-05-30 21:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-09-02 23:14 - 2014-05-27 08:53 - 02518360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-02 23:14 - 2014-05-27 02:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-09-02 23:14 - 2014-05-27 02:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll
2014-09-02 23:14 - 2014-05-16 21:59 - 16871936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-02 23:14 - 2014-05-16 21:13 - 12711424 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-02 23:06 - 2014-09-03 02:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 23:05 - 2014-09-02 23:06 - 00631208 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\yousuf\Downloads\rufus-1.4.10.exe
2014-08-10 10:59 - 2014-08-10 10:59 - 00000000 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-10 09:41 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-08-10 09:25 - 2014-08-10 09:25 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-10 08:27 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-08-10 08:27 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-08-10 08:26 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-08-10 08:26 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-08-10 08:26 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-08-10 08:26 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-08-10 08:26 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-08-10 08:26 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-08-10 08:26 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-08-10 08:24 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-08-10 08:24 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-08-10 08:24 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-10 08:24 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll
2014-08-10 08:24 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-08-10 08:24 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-08-10 08:24 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-10 08:24 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-10 08:24 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-10 08:24 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-10 08:24 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-10 08:24 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-10 08:24 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-10 08:24 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2014-08-10 08:24 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-08-10 08:24 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2014-08-10 08:24 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 10:45 - 2014-09-07 10:43 - 00053532 _____ () C:\Users\yousuf\Desktop\FRST.txt
2014-09-07 10:45 - 2014-09-07 10:19 - 00000000 ____D () C:\FRST
2014-09-07 10:43 - 2014-09-07 10:43 - 00000000 ____D () C:\Users\yousuf\Desktop\FRST-OlderVersion
2014-09-07 10:43 - 2014-09-03 02:32 - 02105344 _____ (Farbar) C:\Users\yousuf\Desktop\FRST64.exe
2014-09-07 10:43 - 2014-06-15 23:14 - 00000000 ____D () C:\ProgramData\WRData
2014-09-07 10:33 - 2014-05-09 11:10 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1147817806-1637957022-706831719-1001
2014-09-07 10:33 - 2014-03-04 02:28 - 01585842 _____ () C:\windows\WindowsUpdate.log
2014-09-07 10:22 - 2014-09-07 10:22 - 00028490 _____ () C:\Users\yousuf\Downloads\Addition.txt
2014-09-07 10:22 - 2014-09-07 10:20 - 00081561 _____ () C:\Users\yousuf\Downloads\FRST.txt
2014-09-07 10:19 - 2014-05-09 09:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 10:18 - 2014-06-17 14:42 - 00000000 ____D () C:\Users\yousuf\AppData\Local\Pokki
2014-09-07 10:15 - 2013-10-07 11:27 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-07 10:13 - 2014-05-09 11:08 - 00000000 ___DO () C:\Users\yousuf\SkyDrive
2014-09-07 10:09 - 2013-10-07 11:23 - 00660442 _____ () C:\windows\PFRO.log
2014-09-07 10:09 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-07 10:08 - 2014-03-04 03:02 - 00002560 _____ () C:\windows\system32\VfService.trf
2014-09-07 10:08 - 2013-08-22 06:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-07 10:07 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru
2014-09-03 14:31 - 2014-05-09 13:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-03 14:11 - 2014-09-03 14:04 - 00142052 _____ () C:\Users\yousuf\Downloads\OTL.Txt
2014-09-03 14:05 - 2014-09-03 14:05 - 00062306 _____ () C:\Users\yousuf\Downloads\Extras.Txt
2014-09-03 13:51 - 2014-09-03 13:51 - 00602112 _____ (OldTimer Tools) C:\Users\yousuf\Downloads\OTL.exe
2014-09-03 13:22 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp
2014-09-03 03:15 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness
2014-09-03 03:05 - 2013-08-22 07:46 - 00024269 _____ () C:\windows\setupact.log
2014-09-03 03:03 - 2014-09-03 03:03 - 00404984 _____ () C:\windows\Minidump\090314-24718-01.dmp
2014-09-03 03:03 - 2014-09-03 00:56 - 673615849 _____ () C:\windows\MEMORY.DMP
2014-09-03 03:03 - 2014-09-03 00:56 - 00000000 ____D () C:\windows\Minidump
2014-09-03 02:56 - 2014-09-03 02:56 - 00000000 ____D () C:\New Folder
2014-09-03 02:42 - 2014-09-02 23:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-03 02:32 - 2014-09-03 02:32 - 00401920 _____ (Farbar) C:\Users\yousuf\Downloads\MiniToolBox.exe
2014-09-03 02:12 - 2014-09-03 02:11 - 05185536 _____ (AVAST Software) C:\Users\yousuf\Downloads\aswmbr.exe
2014-09-03 02:01 - 2014-09-03 02:01 - 00000512 _____ () C:\Users\yousuf\Desktop\MBR.dat
2014-09-03 01:56 - 2014-06-05 11:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-03 01:36 - 2014-09-03 01:36 - 00012154 _____ () C:\Users\yousuf\Desktop\CnD scan.log
2014-09-03 01:28 - 2014-09-03 01:28 - 00011905 _____ () C:\Users\yousuf\Desktop\log.log
2014-09-03 01:15 - 2014-09-03 01:15 - 00380416 _____ () C:\Users\yousuf\Downloads\nmq9ifpl.exe
2014-09-03 01:02 - 2014-05-09 11:02 - 00000000 ____D () C:\Users\yousuf
2014-09-03 00:56 - 2014-09-03 00:56 - 00286176 _____ () C:\windows\Minidump\090314-20296-01.dmp
2014-09-03 00:38 - 2014-09-03 00:38 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-03 00:38 - 2014-09-03 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 00:38 - 2014-09-03 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 23:33 - 2013-08-22 07:44 - 05151704 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-02 23:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData
2014-09-02 23:31 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-02 23:31 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\MediaViewer
2014-09-02 23:31 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\FileManager
2014-09-02 23:31 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\Camera
2014-09-02 23:20 - 2014-09-02 23:15 - 00007425 _____ () C:\Users\yousuf\rufus_20140902_231510.log
2014-09-02 23:06 - 2014-09-02 23:05 - 00631208 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\yousuf\Downloads\rufus-1.4.10.exe
2014-09-02 23:06 - 2013-08-22 08:36 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-02 23:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-02 22:38 - 2014-06-27 18:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 14:42 - 2014-06-15 23:14 - 00153256 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2014-09-02 14:42 - 2014-06-15 23:14 - 00114176 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2014-09-02 14:42 - 2014-06-15 23:14 - 00103816 _____ (Webroot) C:\windows\system32\WRusr.dll
2014-08-22 17:42 - 2014-09-02 23:19 - 04148224 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-10 10:59 - 2014-08-10 10:59 - 00000000 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-10 10:59 - 2014-05-09 10:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-10 10:20 - 2014-05-17 12:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-10 10:20 - 2014-05-17 12:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-10 10:19 - 2013-08-22 12:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-10 10:19 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 10:19 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-10 10:19 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore
2014-08-10 09:44 - 2014-05-09 22:07 - 00000000 ____D () C:\windows\system32\MRT
2014-08-10 09:42 - 2014-05-09 22:07 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-10 09:42 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-08-10 09:40 - 2014-05-17 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-10 09:26 - 2014-05-09 09:50 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-10 09:25 - 2014-08-10 09:25 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-08-10 09:06 - 2014-06-26 20:47 - 00000000 ____D () C:\Users\yousuf\.gimp-2.8
2014-08-10 08:22 - 2014-03-04 03:04 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-08-10 08:22 - 2014-03-04 03:03 - 00000000 ____D () C:\Program Files\Lenovo

Some content of TEMP:
====================
C:\Users\yousuf\AppData\Local\Temp\a-Dragon Assistant Application Update en_US 1.5.19.exe
C:\Users\yousuf\AppData\Local\Temp\DAAppShutdown.exe
C:\Users\yousuf\AppData\Local\Temp\DARestart.exe
C:\Users\yousuf\AppData\Local\Temp\DeescalateStart.exe
C:\Users\yousuf\AppData\Local\Temp\DownloadManager_15to3-Lenovo.exe
C:\Users\yousuf\AppData\Local\Temp\Dragon Assistant Application Update en_US 1.5.19.exe
C:\Users\yousuf\AppData\Local\Temp\Dragon Assistant Core 1.1.21.exe
C:\Users\yousuf\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\yousuf\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\yousuf\AppData\Local\Temp\QWWLFFMMODYYLH.exe
C:\Users\yousuf\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\yousuf\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\yousuf\AppData\Local\Temp\utt6C3B.tmp.exe
C:\Users\yousuf\AppData\Local\Temp\Wildstar.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-10 09:35

==================== End Of Log ============================


Edited by Karmafish, 07 September 2014 - 11:52 AM.


#6
Karmafish


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by yousuf at 2014-09-07 10:46:55
Running from C:\Users\yousuf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
Energy Manager (x32 Version: 1.0.0.33 - Lenovo) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.06.2000.0671 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{96C730E4-F055-4118-BDF3-6E071763853C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.06.0000.0280 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E7E2BEA6-ECCE-4306-9486-A08781BE0AD0}) (Version: 2.0.0.1104 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1104 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Pokki (HKCU\...\Pokki) (Version: 0.267.1.208 - Pokki)
Pokki Download Helper (HKCU\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7154 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.71 - Synaptics Incorporated)
Update for Microsoft en-us Dictionary (Version: 16.1.909.1 - Microsoft Corporation) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
UserGuide (x32 Version: 1.0.0.17 - Lenovo) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.123 - Webroot)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.013.1211 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1147817806-1637957022-706831719-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\yousuf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147817806-1637957022-706831719-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
CustomCLSID: HKU\S-1-5-21-1147817806-1637957022-706831719-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\yousuf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147817806-1637957022-706831719-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\yousuf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1147817806-1637957022-706831719-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\yousuf\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-06-2014 01:49:21 avast! antivirus system restore point
10-08-2014 16:36:08 Windows Update
03-09-2014 05:35:49 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {080F7A6D-6B08-4FC7-91A9-EEEF3A200918} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2B3F0528-E86F-418B-B4C8-4A0CCB1AC914} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {361DAE14-0284-4E24-877A-D316195501D5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-10] (Adobe Systems Incorporated)
Task: {39B18A0B-4F82-4505-8CDB-4394E819D118} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {40D7D383-1B0A-43A7-8E97-3D0660AED7DB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F40FF0E-70B9-41DE-90F0-2CDACD4DC01E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-03] (Microsoft Corporation)
Task: {70090D21-1D79-42A0-89C5-557A3D31B1DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {805941E8-2900-46AA-A175-EED0FC5D0D8C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {866C5C0E-E63F-423C-BD0E-3E707D4643B7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9619502C-0000-4347-8F45-EE760B63156F} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-03-04] (Lenovo)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A30010E1-C832-43D7-B7E3-512B97FBECAC} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {B47A663F-24D7-42AD-B0E8-C0DFDD977625} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {CB022CFD-A857-4B93-9DD4-90DBA1A844F5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-19] (Synaptics Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7366C05-C903-4E81-9D1E-3E395EC0D436} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA9F7486-86B8-446E-8C0B-DEAD30263D00} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-17 19:44 - 2009-11-04 13:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2014-06-17 14:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-04 03:00 - 2012-04-24 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-04 03:02 - 2014-03-04 03:02 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-03-04 03:02 - 2014-03-04 03:02 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-03-04 03:02 - 2014-03-04 03:02 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-03-04 02:58 - 2013-11-18 17:40 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2013-12-05 11:24 - 2013-12-05 11:24 - 02330440 _____ () C:\Users\yousuf\AppData\Local\Pokki\ocdeskband_0.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-09-03 01:48 - 2014-09-03 01:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 03:02 - 2014-03-04 03:02 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-04 03:02 - 2014-03-04 03:02 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-03-04 02:58 - 2013-12-11 10:58 - 00044048 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2014-05-17 12:55 - 2014-05-17 12:55 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\d1c5274ccd6fb2b4b5dbddd0f0ca6c6e\Windows.System.ni.dll
2014-05-17 12:55 - 2014-05-17 12:55 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f6e236cd6041c81411f85852722670b\Windows.Networking.ni.dll
2014-05-17 12:55 - 2014-05-17 12:55 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-03-04 03:01 - 2014-03-04 03:01 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00569856 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 01400846 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00151054 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00222734 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\avformat-54.dll
2014-03-04 03:02 - 2014-03-04 03:02 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-03-04 03:02 - 2014-03-04 03:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-03-04 03:02 - 2014-03-04 03:02 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-03-04 02:35 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00716288 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\libglesv2.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00130048 _____ () C:\Users\yousuf\AppData\Local\Pokki\Engine\libegl.dll
2014-09-03 00:38 - 2014-08-26 01:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\yousuf\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2014 10:28:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.0.5350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1890

Start Time: 01cfcac0eda16625

Termination Time: 54

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 53230999-36b4-11e4-8286-7c7a915f9f0a

Faulting package full name:

Faulting package-relative application ID:

Error: (09/07/2014 10:26:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.0.5350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18ac

Start Time: 01cfcabf7c578998

Termination Time: 93

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 1d2f3e5b-36b4-11e4-8286-7c7a915f9f0a

Faulting package full name:

Faulting package-relative application ID:

Error: (09/07/2014 10:07:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2014 07:17:28 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 356656

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 356656

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/03/2014 02:31:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (09/03/2014 02:31:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (09/03/2014 03:03:45 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xffffe000d0b68040, 0xffffd000bf014950)C:\windows\MEMORY.DMP090314-24718-01

Error: (09/03/2014 00:56:22 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800aa8ae903)C:\windows\MEMORY.DMP090314-20296-01

Error: (09/03/2014 00:56:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:34:23 AM on ‎9/‎3/‎2014 was unexpected.

Error: (09/02/2014 11:36:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (09/02/2014 11:36:48 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (09/02/2014 11:30:41 PM) (Source: DCOM) (EventID: 10010) (User: BENTOBOX)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (09/02/2014 10:38:36 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The WRSVC service did not shut down properly after receiving a preshutdown control.

Error: (09/02/2014 10:21:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The WRSVC service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (09/07/2014 10:28:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.0.5350189001cfcac0eda1662554C:\Program Files (x86)\Mozilla Firefox\firefox.exe53230999-36b4-11e4-8286-7c7a915f9f0a

Error: (09/07/2014 10:26:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.0.535018ac01cfcabf7c57899893C:\Program Files (x86)\Mozilla Firefox\firefox.exe1d2f3e5b-36b4-11e4-8286-7c7a915f9f0a

Error: (09/07/2014 10:07:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234

Error: (09/03/2014 06:02:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2014 07:17:28 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 356656

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 356656

Error: (09/03/2014 01:09:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 4016.96 MB
Available physical RAM: 1870.05 MB
Total Pagefile: 8112.96 MB
Available Pagefile: 5399.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.22 GB) (Free:377.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.13 GB) NTFS
Drive f: (Reason 5) (CDROM) (Total:2.5 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DA82E817)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by Karmafish, 07 September 2014 - 11:55 AM.


#7
ruggie_uk


    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi Karmafish, just to let you know I am currently reviewing the logs you have kindly provided.

 

I still need the ASWmbr log though please.



#8
Karmafish


aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-07 11:05:19
-----------------------------
11:05:19.864    OS Version: Windows x64 6.2.9200
11:05:19.864    Number of processors: 4 586 0x4501
11:05:19.864    ComputerName: BENTOBOX  UserName: yousuf
11:05:21.333    Initialize success
11:05:21.333    VM: initialized successfully
11:05:21.333    VM: Intel CPU BiosDisabled
11:05:22.755    VM: disk I/O iaStorA.sys
11:13:50.822    AVAST engine defs: 14090700
11:14:41.888    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000035
11:14:41.888    Disk 0 Vendor: WDC_WD5000M22K-24Z1LT0-SSHD-16GB 01.01A01 Size: 476940MB BusType: 11
11:14:41.951    Disk 0 MBR read successfully
11:14:41.969    Disk 0 MBR scan
11:14:41.976    Disk 0 unknown MBR code
11:14:41.976    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
11:14:42.007    Disk 0 scanning C:\windows\system32\drivers
11:14:53.079    Service scanning
11:15:18.492    Modules scanning
11:15:18.508    Disk 0 trace - called modules:
11:15:18.523    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
11:15:18.539    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000195d2060]
11:15:18.539    3 CLASSPNP.SYS[fffff8010e13c27b] -> nt!IofCallDriver -> [0xffffe000189a1970]
11:15:18.554    5 ACPI.sys[fffff8010d26b7aa] -> nt!IofCallDriver -> \Device\00000035[0xffffe000189a3060]
11:15:20.290    AVAST engine scan C:\
12:57:32.057    Scan finished successfully
13:27:27.739    Disk 0 MBR has been saved successfully to "C:\Users\yousuf\Desktop\MBR.dat"
13:27:27.754    The log file has been saved successfully to "C:\Users\yousuf\Desktop\aswMBR.txt"
 



#9
Karmafish


Sorry I didn't post it sooner, the scan was taking its time hahaha



#10
ruggie_uk


Hi Karmafish
 

P2P WARNING!

It appears that there is at least one Peer to Peer (P2P) program on your computer:

uTorrent

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelihood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Here are some useful links regarding the dangers of P2P software.

FRST Fix
If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Items I need to see in your next post:

  • FRST Fixlog



#11
Karmafish


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by yousuf at 2014-09-08 02:04:27 Run:1
Running from C:\Users\yousuf\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Pokki) C:\Users\yousuf\AppData\Local\Pokki\Engine\pokki.exe
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\...\Run: [Pokki] => C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {431ABDFE-53FD-4F31-AC73-328A4A21DDA9} URL =
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\yousuf\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
hosts:
Emptytemp:
End
*****************

C:\Users\yousuf\AppData\Local\Pokki\Engine\pokki.exe => No running process found
HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{431ABDFE-53FD-4F31-AC73-328A4A21DDA9}" => Key deleted successfully.
"HKCR\CLSID\{431ABDFE-53FD-4F31-AC73-328A4A21DDA9}" => Key not found.
"HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper" => Key deleted successfully.
C:\Users\yousuf\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll => Moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-1147817806-1637957022-706831719-1001\Software\Classes\exefile" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#12
ruggie_uk

Hi Karmafish I hope you are well. There doesn't appear to be anything major on your computer. Your Master boot records appear fine.

Let's proceed to clear out the rubbish for you.

First...

Please download Junkware Removal Tool to your desktop. << Important
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next...

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:
  • JRT log
  • AdwCleaner scan log
  • How does it look so far from your end?

  • 1

#13
Karmafish

Karmafish

    Member

  • Topic Starter
  • Member
  • 19 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by yousuf on Mon 09/08/2014 at 11:43:18.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/08/2014 at 11:51:54.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#14
Karmafish

Karmafish

    Member

  • Topic Starter
  • Member
  • 19 posts

# AdwCleaner v3.309 - Report created 08/09/2014 at 11:58:42
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : yousuf - BENTOBOX
# Running from : C:\Users\yousuf\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\Extensions\[email protected]
Folder Found : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\StumbleUpon

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1149 octets] - [08/09/2014 11:58:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1209 octets] ##########
 


  • 0

#15
Karmafish

Karmafish

    Member

  • Topic Starter
  • Member
  • 19 posts

Everything seems okay so far; the mouse issues stopped happening. I had Pokki installed as my start menu but now it's totally disappeared and won't show up. It still says it's installed, which is weird. I think it has something to do with turning off the UAC in the registry. Other than that, though, everything seems okay. I really appreciate this help.


Edited by Karmafish, 08 September 2014 - 02:18 PM.

  • 0





