Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My computer is infected

Started by BrendanV , Apr 03 2015 08:43 PM

This topic is locked

#1
BrendanV

Posted 03 April 2015 - 08:43 PM

Member

Member
18 posts

Hello, my computer is infected and when I open Firefox and Google Chrome, this is the tab that automatically opens: http://www-search.info/?src=us

I have used a few malware removal programs including Advanced Uninstaller Pro and Malwarebytes. I have tried to find the program in Programs and Features, but there always random unknown programs that I don't know how to get there. I uninstall them, but they keep coming back. I don't know what else to do. I'd appreciate your help. Thanks, Brendan Vigallon.

#2
zep516

Posted 03 April 2015 - 08:50 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Download the version of this tool for your operating system. To the DESKTOP ONLY....
Farbar Recovery Scan Tool (64 bit)
farbar-recovery-scan-tool/dl/81/Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please also paste it to your reply.

#3
BrendanV

Posted 03 April 2015 - 08:55 PM

Member

Topic Starter
Member
18 posts

Hi, thank you for your help. I did that already, what do I next?

#4
zep516

Posted 03 April 2015 - 09:05 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Post the log reports to the forum so I can see them, these are diagnostics scans they don't fix anything. I'll look at them and then we begin fixing.

#5
BrendanV

Posted 03 April 2015 - 09:15 PM

Member

Topic Starter
Member
18 posts

I keep trying, but it won't post. It just keeps loading and then it just stops without posting. But I'll try again.

#6
zep516

Posted 03 April 2015 - 09:19 PM

Trusted Helper

Malware Removal
8,093 posts

It's a windows 8 issue usually, so you will need to attach the log reports;

To do that;

How to attach a file:

Below the Reply to this topic box, click on More Reply Options button.
Scroll down and click on Browse button.
Click on Desktop (or wherever the file is located that you want to attach).
Scroll to find the image saved to Desktop (or wherever it may be located) and click on the image/file.
Click the Open button.
Click the Attach This File button.
Click Add Reply button once you have completed your post and are ready to submit.

#7
BrendanV

Posted 03 April 2015 - 09:36 PM

Member

Topic Starter
Member
18 posts

Here's the first one.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brendan (administrator) on JARVIS on 03-04-2015 19:22:27
Running from C:\Users\Brendan\Desktop
Loaded Profiles: Brendan (Available profiles: Brendan & Torin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\nsy1EBD.tmp
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\jnsz18E4.tmp
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Netflix, Inc.) C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8\Netflix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2014-02-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-05-29] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\Run: [WindApp] => "C:\Users\Brendan\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\Run: [Selection Tools] => "C:\Users\Brendan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\MountPoints2: {c275275c-e71c-11e3-8254-806e6f6e6963} - "E:\Autorun.exe"
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB64RN1.lnk
ShortcutTarget: 1AB64RN1.lnk -> C:\ProgramData\{79927090-4af8-a4eb-7992-270904afc241}\1AB64RN1.exe (Super PC Tools Ltd)
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\civilization 4 game.lnk
ShortcutTarget: civilization 4 game.lnk -> C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe ()
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49853;https=127.0.0.1:49853
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...nlogo=CT3331948
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...&D=040315&SSPV=
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3} URL =
Winsock: Catalog9 01 C:\windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 16 C:\windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{8AEF7E3B-F48F-4FA1-A4E3-C0F459E63706}: [NameServer] 192.168.1.1,208.67.220.220
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M15D18B3C-B481-47C6-8CAF-1827BC06D7D7&SearchSource=55&CUI=&UM=8&UP=SP72707F87-9D5F-4DE3-958B-41D6F16D8D40&D=031715&SSPV=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-708214694-1593697130-2342718439-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brendan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\user.js [2015-03-16]
FF SearchPlugin: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml [2015-04-03]
FF Extension: PCCpnApp - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected] [2015-03-16]
FF Extension: youtubeadblocker - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected] [2015-03-16]
FF Extension: UniDealsi - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected] [2015-03-16]
FF Extension: UniDDealsi - C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\Extensions\[email protected] [2015-03-16]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\dc7e1fc06102a3bcf3378056dd092d9d [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DAP\daplinkchecker

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR HKU\S-1-5-21-708214694-1593697130-2342718439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cutufono; C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\nsy1EBD.tmp [118784 2015-03-25] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 hycetuje; C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\jnsz18E4.tmp [124416 2015-03-16] () [File not signed]
R3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880 2015-03-17] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-02] (Electronic Arts)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-05-29] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-05-29] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-05-29] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
R1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 19:22 - 2015-04-03 19:23 - 00019764 _____ () C:\Users\Brendan\Desktop\FRST.txt
2015-04-03 19:21 - 2015-04-03 19:21 - 02095616 _____ (Farbar) C:\Users\Brendan\Desktop\FRST64.exe
2015-04-03 19:18 - 2015-04-03 19:22 - 00000000 ____D () C:\FRST
2015-03-24 13:01 - 2015-03-10 19:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 00943104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 13:01 - 2015-03-10 15:08 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-23 18:22 - 2015-04-03 19:22 - 00000296 _____ () C:\windows\Tasks\PC-Mechanic Maintenance.job
2015-03-23 18:22 - 2015-03-31 01:20 - 00000296 _____ () C:\windows\Tasks\PC-Mechanic Subscription.job
2015-03-23 18:22 - 2015-03-31 01:20 - 00000290 _____ () C:\windows\Tasks\PC-Mechanic Startup.job
2015-03-23 18:22 - 2015-03-23 18:22 - 00003198 _____ () C:\windows\System32\Tasks\PC-Mechanic Maintenance
2015-03-23 18:22 - 2015-03-23 18:22 - 00002568 _____ () C:\windows\System32\Tasks\PC-Mechanic Subscription
2015-03-23 18:22 - 2015-03-23 18:22 - 00002502 _____ () C:\windows\System32\Tasks\PC-Mechanic Startup
2015-03-23 18:22 - 2015-03-23 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-03-23 18:21 - 2015-03-26 22:58 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Uniblue
2015-03-23 18:21 - 2015-03-26 22:58 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2015-03-23 18:21 - 2015-03-23 18:27 - 00000000 ____D () C:\Users\Brendan\AppData\Local\PlutoTV
2015-03-23 18:21 - 2015-03-23 18:21 - 00000013 _____ () C:\Users\Brendan\.pluto.tv
2015-03-23 18:20 - 2015-04-03 18:20 - 00000354 _____ () C:\windows\Tasks\Health-Check.job
2015-03-23 18:20 - 2015-04-03 17:20 - 00000362 _____ () C:\windows\Tasks\Health-Check-deep.job
2015-03-23 18:20 - 2015-04-03 04:27 - 00000360 _____ () C:\windows\Tasks\Health-Check-auto.job
2015-03-23 18:20 - 2015-04-03 04:27 - 00000358 _____ () C:\windows\Tasks\UninstallMonitor.job
2015-03-23 18:20 - 2015-03-23 18:20 - 00002922 _____ () C:\windows\System32\Tasks\Health-Check-deep
2015-03-23 18:20 - 2015-03-23 18:20 - 00002914 _____ () C:\windows\System32\Tasks\Health-Check
2015-03-23 18:20 - 2015-03-23 18:20 - 00002618 _____ () C:\windows\System32\Tasks\Health-Check-auto
2015-03-23 18:20 - 2015-03-23 18:20 - 00002616 _____ () C:\windows\System32\Tasks\UninstallMonitor
2015-03-23 18:20 - 2015-03-23 18:20 - 00001628 _____ () C:\Users\Brendan\Desktop\Advanced Uninstaller PRO 11.lnk
2015-03-23 18:20 - 2015-03-23 18:20 - 00001512 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\RHEng
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Innovative Solutions
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\ProgramData\Innovative Solutions
2015-03-23 18:20 - 2015-03-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2015-03-23 18:20 - 2014-03-07 09:25 - 00042496 _____ () C:\windows\SysWOW64\AdvUninstCPL.cpl
2015-03-23 18:15 - 2015-03-23 18:16 - 18131200 _____ (Innovative Solutions ) C:\Users\Brendan\Downloads\Advanced_Uninstaller11.exe
2015-03-23 01:29 - 2015-03-23 01:29 - 02238600 _____ (Microsoft Corporation) C:\Users\Brendan\Downloads\DefaultPack.EXE
2015-03-23 01:28 - 2015-03-23 01:29 - 41840320 _____ (Microsoft Corporation) C:\Users\Brendan\Downloads\Windows-KB890830-x64-V5.22.exe
2015-03-22 03:17 - 2015-03-24 18:56 - 00008768 _____ () C:\windows\SysWOW64\VCLOff.ini
2015-03-22 03:17 - 2015-03-24 18:56 - 00008768 _____ () C:\windows\system32\VCLOff.ini
2015-03-22 03:15 - 2015-03-20 06:54 - 00335064 _____ (VC Corporation) C:\windows\SysWOW64\VCL.dll
2015-03-18 18:22 - 2015-03-24 00:13 - 00000972 ____N () C:\windows\DtcInstall.log
2015-03-17 03:34 - 2014-10-30 21:50 - 00088064 _____
2015-03-17 01:54 - 2015-03-17 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-17 01:54 - 2015-03-17 01:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-17 01:54 - 2015-03-17 01:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-17 01:52 - 2015-03-17 01:52 - 13087456 _____ (Microsoft Corporation) C:\Users\Brendan\Downloads\Silverlight_x64.exe
2015-03-16 23:13 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\3b347388000055a1
2015-03-16 22:15 - 2015-03-16 23:12 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\BitTorrent
2015-03-16 21:53 - 2015-03-16 21:53 - 00838144 _____ () C:\Users\Brendan\Downloads\Sid Meies Civilization IV Full Download For PC.exe
2015-03-16 21:44 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\a2022b38000075bc
2015-03-16 21:42 - 2015-03-16 21:42 - 00000000 ____D () C:\ProgramData\{cecff20f-c8da-a492-cecf-ff20fc8dc83f}
2015-03-16 20:45 - 2015-03-16 20:45 - 00000000 ____D () C:\Users\Brendan\Desktop\Screenshots
2015-03-16 20:40 - 2015-03-16 21:50 - 00000000 ____D () C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}
2015-03-16 20:38 - 2015-03-16 20:42 - 00000000 ____D () C:\Program Files (x86)\SectionLogistics
2015-03-16 20:37 - 2015-03-16 20:37 - 00000000 ____D () C:\ProgramData\1403549107226436317
2015-03-16 20:35 - 2015-03-16 20:35 - 00000000 ____D () C:\ProgramData\{3a0c3e94-ebf8-9e2d-3a0c-c3e94ebffa53}
2015-03-16 19:41 - 2015-03-16 19:41 - 00003270 _____ () C:\windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl
2015-03-16 19:41 - 2015-03-16 19:41 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl
2015-03-16 18:11 - 2015-03-16 18:11 - 00000000 ____D () C:\Users\Brendan\Documents\DreamVideoSoft
2015-03-16 18:10 - 2015-03-16 18:53 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-16 18:08 - 2015-03-16 18:11 - 00000000 ____D () C:\Users\Brendan\Documents\ProPCCleaner
2015-03-16 18:08 - 2015-03-16 18:08 - 00003196 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-03-16 18:08 - 2015-03-16 18:08 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Pro_PC_Cleaner
2015-03-16 17:51 - 2015-03-16 17:51 - 00001675 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-03-16 17:48 - 2015-03-16 17:48 - 00000046 _____ () C:\windows\wininit.ini
2015-03-16 17:43 - 2015-03-20 13:21 - 00005026 _____ () C:\Users\Brendan\Desktop\desmume.ini
2015-03-16 17:39 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\5aa2d5ae000008fe
2015-03-16 17:33 - 2015-03-19 19:16 - 00008720 _____ () C:\windows\SysWOW64\BasementDusterOff.ini
2015-03-16 17:33 - 2015-03-19 19:16 - 00008720 _____ () C:\windows\system32\BasementDusterOff.ini
2015-03-16 17:33 - 2015-03-16 08:21 - 00295808 _____ (BD Inc.) C:\windows\SysWOW64\BDL.dll
2015-03-16 17:31 - 2015-03-16 17:31 - 00000088 _____ () C:\Users\Brendan\AppData\Local\4cd0f59c192a391ef745cc71c87968a5
2015-03-16 17:29 - 2015-03-16 17:29 - 00000000 ____D () C:\ProgramData\COMODO
2015-03-16 17:29 - 2015-03-16 17:29 - 00000000 ____D () C:\Program Files\COMODO
2015-03-16 17:28 - 2015-03-16 18:52 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\WTools
2015-03-16 17:28 - 2015-03-16 17:50 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Store
2015-03-16 17:28 - 2015-03-16 17:28 - 00000078 _____ () C:\Users\Brendan\AppData\Roaming\WindApp.installation.log
2015-03-16 17:28 - 2015-03-16 17:28 - 00000078 _____ () C:\Users\Brendan\AppData\Roaming\Selection Tools.installation.log
2015-03-16 17:27 - 2015-03-16 17:51 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Nosibay
2015-03-16 17:27 - 2015-03-16 17:28 - 00005724 _____ () C:\Users\Brendan\AppData\Roaming\Bubble Dock.installation.log
2015-03-16 17:27 - 2015-03-16 17:28 - 00001283 _____ () C:\Users\Brendan\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-16 17:27 - 2015-03-16 17:27 - 00000097 _____ () C:\Users\Brendan\AppData\Roaming\WindApp.boostrap.log
2015-03-16 17:25 - 2015-03-16 17:46 - 00000000 ____D () C:\ProgramData\{79927090-4af8-a4eb-7992-270904afc241}
2015-03-16 17:23 - 2015-03-16 17:31 - 00773928 _____ (Generic ) C:\Users\Brendan\Downloads\3DS1123 - Pokemon Alpha Sapphire.exe
2015-03-16 17:22 - 2015-03-25 22:50 - 00000000 ____D () C:\Users\Brendan\AppData\Local\68FF34AA-1426526533-E311-9341-28D24490914C
2015-03-16 17:21 - 2015-03-25 22:50 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C
2015-03-16 17:16 - 2015-03-16 17:16 - 00639496 _____ () C:\Users\Brendan\Downloads\3DS_Emulator.exe
2015-03-15 23:23 - 2015-03-15 23:24 - 00000000 ____D () C:\Users\Brendan\Downloads\VisualBoyAdvanceM1229
2015-03-15 23:23 - 2015-03-15 23:23 - 00992379 _____ () C:\Users\Brendan\Downloads\VisualBoyAdvanceM1229.7z
2015-03-15 23:10 - 2015-03-16 17:43 - 00000000 ____D () C:\Users\Brendan\Desktop\States
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Users\Brendan\Desktop\Cheats
2015-03-15 23:10 - 2015-03-15 23:10 - 00000000 ____D () C:\Users\Brendan\Desktop\Battery
2015-03-15 23:07 - 2015-03-15 23:07 - 01961052 _____ () C:\Users\Brendan\Downloads\desmume-0.9.8-win32.zip
2015-03-15 23:05 - 2015-03-15 23:30 - 00000000 ____D () C:\Users\Brendan\Desktop\ROMS
2015-03-15 22:57 - 2015-03-15 22:58 - 27978403 _____ () C:\Users\Brendan\Downloads\Pokemon Diamond.zip
2015-03-15 22:57 - 2015-03-15 22:58 - 04928003 _____ () C:\Users\Brendan\Downloads\Pokemon - Sapphire Version (U).zip
2015-03-15 22:48 - 2015-03-15 23:06 - 00000000 ____D () C:\Users\Brendan\Downloads\Pokemon - Sapphire Version (USA)
2015-03-15 22:47 - 2015-03-15 22:47 - 00065536 _____ () C:\Users\Brendan\Downloads\Pokemon - Sapphire Version (USA).sav
2015-03-15 22:45 - 2015-03-15 22:45 - 04935261 _____ () C:\Users\Brendan\Downloads\Pokemon - Sapphire Version (USA).zip
2015-03-10 19:55 - 2015-02-06 16:09 - 00396419 _____ () C:\windows\system32\ApnDatabase.xml
2015-03-10 19:55 - 2015-02-03 16:58 - 00264000 _____

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 19:19 - 2014-11-11 00:19 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 19:01 - 2014-08-20 10:57 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{231079AA-DD04-447A-81A8-EC874E389A10}
2015-04-03 19:00 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-03 18:30 - 2014-11-12 17:25 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 18:13 - 2014-03-18 02:53 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-03 18:04 - 2014-08-25 01:23 - 01640590 _____ () C:\windows\WindowsUpdate.log
2015-04-03 17:46 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-03 16:30 - 2014-11-12 17:25 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 02:00 - 2014-08-20 12:53 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Adobe
2015-04-02 23:48 - 2014-08-20 22:53 - 00000000 ____D () C:\Users\Brendan\AppData\Local\CrashDumps
2015-03-31 03:20 - 2014-08-20 11:11 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-708214694-1593697130-2342718439-1002
2015-03-31 01:23 - 2014-11-25 11:50 - 00001298 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 01:23 - 2014-11-25 11:50 - 00001286 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-31 01:23 - 2014-11-12 17:26 - 00002398 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 01:23 - 2014-08-20 10:51 - 00001613 _____ () C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 01:20 - 2014-08-25 20:49 - 00000000 ___DO () C:\Users\Brendan\OneDrive
2015-03-31 01:15 - 2014-05-29 03:49 - 03969516 _____ () C:\windows\SysWOW64\rootpa.e2e
2015-03-31 01:14 - 2014-10-02 20:08 - 00018770 _____ () C:\windows\setupact.log
2015-03-31 01:14 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-31 01:13 - 2014-09-22 21:33 - 00170526 _____ () C:\windows\PFRO.log
2015-03-31 01:13 - 2014-05-29 04:34 - 00004608 _____ () C:\windows\system32\VfService.trf
2015-03-31 01:13 - 2013-08-22 06:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-03-25 22:50 - 2014-10-19 19:26 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Microsoft Help
2015-03-25 22:50 - 2014-10-13 20:51 - 00000000 ____D () C:\ProgramData\tmp
2015-03-25 22:50 - 2014-05-29 03:45 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-03-25 22:50 - 2013-08-22 06:36 - 00000000 ___HD () C:\Users\Default
2015-03-25 22:49 - 2014-09-23 19:38 - 00000000 ____D () C:\windows\Minidump
2015-03-24 22:23 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp
2015-03-24 22:22 - 2014-12-10 21:27 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-24 22:22 - 2014-08-23 18:17 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-24 18:57 - 2014-08-20 11:28 - 00000000 ____D () C:\ProgramData\Origin
2015-03-24 05:12 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache
2015-03-24 00:06 - 2014-03-18 02:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\sppui
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\Com
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\MediaViewer
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\FileManager
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\Camera
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-24 00:06 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-24 00:06 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\SysWOW64\oobe
2015-03-24 00:06 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\servicing
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sppui
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\setup
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Com
2015-03-24 00:05 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\IME
2015-03-24 00:05 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-24 00:05 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-03-24 00:05 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\oobe
2015-03-24 00:04 - 2013-08-22 08:36 - 00000000 ___SD () C:\windows\system32\dsc
2015-03-24 00:04 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2015-03-24 00:04 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\migwiz
2015-03-24 00:04 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\Dism
2015-03-24 00:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-24 00:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-24 00:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-24 00:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-24 00:01 - 2014-08-20 10:50 - 00000000 ____D () C:\Users\Brendan
2015-03-23 04:17 - 2013-08-22 08:36 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\msclmd.dll
2015-03-23 04:17 - 2013-08-22 08:36 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msclmd.dll
2015-03-23 01:32 - 2014-12-10 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 01:23 - 2014-10-19 19:00 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3
2015-03-23 01:23 - 2014-10-19 18:59 - 00000000 ____D () C:\Users\Brendan\AppData\Local\BeamNG
2015-03-22 16:09 - 2014-08-20 10:51 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Packages
2015-03-20 13:29 - 2014-08-20 11:10 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Nitro PDF
2015-03-16 21:51 - 2014-08-21 23:11 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2015-03-16 16:47 - 2014-08-20 18:51 - 00000000 ____D () C:\Users\Brendan\Steam
2015-03-15 23:09 - 2012-04-08 22:37 - 00978432 _____ () C:\Users\Brendan\Desktop\DeSmuME_dev.exe
2015-03-15 23:08 - 2012-04-09 12:17 - 00979456 _____ () C:\Users\Brendan\Desktop\DeSmuME.exe
2015-03-15 23:05 - 2014-08-20 00:30 - 00000000 ____D () C:\Users\Brendan\Documents\My Games
2015-03-15 22:39 - 2005-10-01 14:08 - 01974352 _____ (None) C:\Users\Brendan\Desktop\VisualBoyAdvance.exe
2015-03-15 01:13 - 2014-09-05 18:00 - 00000228 _____ () C:\Users\Brendan\BullseyeCoverageError.txt
2015-03-14 00:34 - 2013-08-22 07:44 - 00493776 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-14 00:31 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore
2015-03-14 00:31 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 00:31 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 18:48 - 2014-08-26 19:34 - 122905856 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 21:01 - 2014-08-26 19:34 - 00000000 ____D () C:\windows\system32\MRT
2015-03-05 00:08 - 2014-08-20 10:51 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\Adobe
2015-03-04 23:54 - 2015-03-01 23:42 - 00000000 ____D () C:\Users\Brendan\Desktop\Food Truck Design
2015-03-04 22:32 - 2015-03-02 00:45 - 00000034 _____ () C:\Users\Brendan\AppData\Roaming\AdobeWLCMCache.dat
2015-03-04 14:24 - 2014-10-16 18:41 - 00792032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 14:24 - 2014-10-16 18:41 - 00178144 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-02 00:45 - 2015-03-04 22:32 - 0000034 _____ () C:\Users\Brendan\AppData\Roaming\AdobeWLCMCache.dat
2015-03-16 17:27 - 2015-03-16 17:28 - 0001283 _____ () C:\Users\Brendan\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-16 17:27 - 2015-03-16 17:28 - 0005724 _____ () C:\Users\Brendan\AppData\Roaming\Bubble Dock.installation.log
2015-03-16 17:28 - 2015-03-16 17:28 - 0000078 _____ () C:\Users\Brendan\AppData\Roaming\Selection Tools.installation.log
2015-03-16 17:27 - 2015-03-16 17:27 - 0000097 _____ () C:\Users\Brendan\AppData\Roaming\WindApp.boostrap.log
2015-03-16 17:28 - 2015-03-16 17:28 - 0000078 _____ () C:\Users\Brendan\AppData\Roaming\WindApp.installation.log
2015-03-16 17:31 - 2015-03-16 17:31 - 0000088 _____ () C:\Users\Brendan\AppData\Local\4cd0f59c192a391ef745cc71c87968a5
2015-03-16 21:42 - 2015-03-16 23:13 - 0011736 _____ () C:\Users\Brendan\AppData\Local\Temp-log.txt
2014-05-29 03:51 - 2014-05-29 03:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Torin\AppData\Local\Temp\oct1F35.tmp.exe
C:\Users\Torin\AppData\Local\Temp\oct9D77.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-02 04:02

==================== End Of Log ============================

Attached Files

FRST.txt 481.54KB 137 downloads

#8
BrendanV

Posted 03 April 2015 - 09:38 PM

Member

Topic Starter
Member
18 posts

Here's the other one.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brendan at 2015-04-03 19:26:53
Running from C:\Users\Brendan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.4 (HKLM-x32\...\{2316BC3C-61AD-4289-8702-9DF0DFCA08ED}) (Version: 1.4 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.60.0.299 - Innovative Solutions)
AMD Catalyst Install Manager (HKLM\...\{665D4B18-EA91-BE16-3212-218C63F5DC4E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.52 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DC Universe Online (HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
DC Universe Online Live (HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\SOE-DC Universe Online Live) (Version: - Sony Online Entertainment)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo)
Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden
GameMaker 8.1 (HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\GameMaker81) (Version: - )
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.36.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo)
Lenovo Updates (x32 Version: 1.0.0.65 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Python 2.7 pygame-1.9.1 (HKLM-x32\...\{5D13804A-67B7-49DA-9B15-65B70A83B9C3}) (Version: 1.9.1 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.2.1 (HKLM-x32\...\{34B2530C-6349-4292-9DC3-60BDA4AED93C}) (Version: 3.2.1150 - Python Software Foundation)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\RollerCoaster Tycoon 2 Triple Thrill Pack_is1) (Version: - GOG.com)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Visual Basic 5.0 Professional Edition (HKLM-x32\...\VB5) (Version: - )
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

31-03-2015 04:06:34 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2014-12-09 20:43 - 00001195 ____A C:\windows\system32\Drivers\etc\hosts
1.3.3.8 cdncache-a.akamaihd.net
1.3.3.8 cdncache1-a.akamaihd.net
1.3.3.8 intext.linknavi1.com
1.3.3.8 fp130.digitaloptout.com
1.3.3.8 istatic.datafastguru.info
1.3.3.8 cdn.visadd.com
1.3.3.8 ext1.engageya.com
1.3.3.8 cjs.linkbolic.com
1.3.3.8 i.tubejs.info
1.3.3.8 i.crbfjs.info
1.3.3.8 i.fututbjs.info
1.3.3.8 i.iabfjs.info
1.3.3.8 i_crbfjs_info.tlscdn.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0215C75D-25FF-4855-B8B2-85D8BA044F77} - System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl => C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe [2015-03-15] () <==== ATTENTION
Task: {0A772DC4-7E19-4717-8AAC-B59F01303903} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {0BC19F72-FCEB-480B-95D3-6874BC2FD7DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {18C92672-3FCD-4F35-8FF5-D095C5433C52} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {248F8F90-3861-4C42-B25D-65558EF176BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {3DD24E4A-7DD0-43D5-93A1-661DFC89C912} - System32\Tasks\{D8098E5E-48A8-4D28-9229-DC3A72094605} => pcalua.exe -a C:\PROGRA~2\DAP\DAPREMOVE.EXE
Task: {4A47007E-EA03-431C-82B8-8E06F5FB08EE} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A} - System32\Tasks\SBWUpdateTask_Time_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: {67F10FB3-1122-4030-A90F-BE7CABCD6023} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2015-03-17] (Innovative Solutions)
Task: {7D2D7777-1E53-431A-9E66-D2DF07271AEE} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {83B3623B-BC7F-49E7-BD77-D7D0442FBB88} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {9169F940-20FA-462F-B769-ABFDD51C13F5} - System32\Tasks\Health-Check-auto => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-03-17] (Innovative Solutions)
Task: {A1378528-73B4-49CE-96A5-27AD69EC58B2} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-03-17] (Innovative Solutions)
Task: {B0680504-656C-4F60-B08F-AE26C058A6E8} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {C065338E-EE40-423D-92D8-6F05A2F449AA} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3} - \GPUP No Task File <==== ATTENTION
Task: {D6509DDE-777C-47AF-A471-601F7FA91B3E} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {D80F0111-0C24-4936-9FFA-9CA913594EDA} - System32\Tasks\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: {DACC3FEC-A3E3-427E-8329-CAB362225D1A} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {E1502663-3130-4695-BF94-D15177084CAC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {E64B566B-85FE-440B-9718-E1379A8F09BC} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-03-17] (Innovative Solutions)
Task: {EF6D8DD8-7D7E-49DD-95F3-D6EF5AA5AC7F} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {FDD312D7-29C4-4478-AB2A-06581E81D97D} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\windows\Tasks\PC-Mechanic Subscription.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\windows\Tasks\UninstallMonitor.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-18 22:12 - 2014-04-18 22:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-25 22:21 - 2015-03-25 22:21 - 00118784 _____ () C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\nsy1EBD.tmp
2015-03-16 17:21 - 2015-03-16 17:21 - 00124416 _____ () C:\Users\Brendan\AppData\Roaming\68FF34AA-1426526464-E311-9341-28D24490914C\jnsz18E4.tmp
2014-05-29 04:28 - 2012-04-24 19:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-29 04:34 - 2014-05-29 04:34 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-05-29 04:34 - 2014-05-29 04:34 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2015-02-11 16:13 - 2015-02-11 16:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-23 18:20 - 2015-03-17 08:44 - 01064880 _____ () C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-03-16 20:40 - 2015-03-16 20:40 - 00838144 _____ () C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe
2015-02-26 05:46 - 2015-02-26 05:46 - 05185024 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll
2015-02-26 05:46 - 2015-02-26 05:46 - 01782784 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-03-09 06:20 - 2015-03-09 06:20 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-03-09 06:20 - 2015-03-09 06:20 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-02-26 05:47 - 2015-02-26 05:47 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-08-23 18:00 - 2014-08-23 18:00 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2015-03-09 06:20 - 2015-03-09 06:20 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2015-02-26 05:46 - 2015-02-26 05:46 - 01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-08-23 17:59 - 2014-08-23 17:59 - 00347136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2014-08-23 18:00 - 2014-08-23 18:00 - 02019840 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2015-03-04 03:10 - 2015-03-04 03:10 - 00050688 _____ () C:\Users\Brendan\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Netflix.Winebddf6ee#\b9968470200ad32bd2a01db8a0093f66\Netflix.Windows.BridgeComponent.ni.dll
2015-03-04 03:10 - 2015-03-04 03:10 - 00017920 _____ () C:\Users\Brendan\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Netflix.Win8062e102#\28124ae06be9c91f05737b7c510ae200\Netflix.Windows.Media.Audio.ni.dll
2015-02-26 05:46 - 2015-02-26 05:46 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-02-26 05:47 - 2015-02-26 05:47 - 01187328 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Media\b4a38f4800b3c8e839eb29296a16c4e2\Windows.Media.ni.dll
2015-03-04 03:10 - 2015-03-04 03:10 - 00030720 _____ () C:\Users\Brendan\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Netflix.Win614f5b60#\121d486acf453fa20bec089e512c3bd5\Netflix.Windows.Media.SourcePlugin.ni.dll
2015-02-04 04:31 - 2015-02-04 04:31 - 00295936 _____ () C:\Users\Brendan\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.M4ba42f23#\bbcfac78ed91cd9954ae80b073a6552e\Microsoft.Media.PlayReadyClient.ni.dll
2015-03-19 05:43 - 2015-03-19 05:43 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-03-23 18:20 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2014-11-12 17:26 - 2014-11-05 16:56 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
2014-11-12 17:26 - 2014-11-05 16:56 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\libegl.dll
2014-11-12 17:26 - 2014-11-05 16:57 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\pdf.dll
2014-11-12 17:26 - 2014-11-05 16:56 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll
2014-11-12 17:26 - 2014-11-05 16:57 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Brendan\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-708214694-1593697130-2342718439-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Brendan\Pictures\Logo-Batman-Wallpaper-HD.jpg
DNS Servers: 192.168.1.1 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "mwyyntm1ndi1zdz"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\StartupFolder: => "Nexon Launcher.lnk"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\StartupFolder: => "1AB64RN1.lnk"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-708214694-1593697130-2342718439-1002\...\StartupApproved\Run: => "WindApp"

==================== Accounts: =============================

Administrator (S-1-5-21-708214694-1593697130-2342718439-500 - Administrator - Disabled)
Brendan (S-1-5-21-708214694-1593697130-2342718439-1002 - Administrator - Enabled) => C:\Users\Brendan
Guest (S-1-5-21-708214694-1593697130-2342718439-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-708214694-1593697130-2342718439-1004 - Limited - Enabled)
Torin (S-1-5-21-708214694-1593697130-2342718439-1006 - Limited - Enabled) => C:\Users\Torin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (04/03/2015 07:17:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (04/03/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.9600.17415, time stamp: 0x54503a58
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc0000005
Fault offset: 0x0000000000001825
Faulting process id: 0x16cc
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3
Faulting package full name: SearchIndexer.exe4
Faulting package-relative application ID: SearchIndexer.exe5

Error: (04/03/2015 04:27:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15f8

Start Time: 01d06dda54c0fa21

Termination Time: 4294967295

Application Path: C:\windows\syswow64\wwahost.exe

Report Id: 6c552845-d9f4-11e4-82da-b8ee65e8356a

Faulting package full name: CWNetwork.TheCW_3.0.0.16_x86__vx96zvq64q0dj

Faulting package-relative application ID: App

System errors:
=============
Error: (04/03/2015 07:17:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).

Error: (04/03/2015 07:17:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%3221493760

Error: (04/03/2015 07:17:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (04/03/2015 04:16:51 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/03/2015 04:16:38 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/03/2015 04:16:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2015 04:16:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%3221493760

Error: (04/03/2015 04:16:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2015 01:16:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2015 01:16:39 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%3221493760

Microsoft Office Sessions:
=========================
Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/03/2015 07:17:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
Search.TripoliIndexer

Error: (04/03/2015 07:17:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (04/03/2015 07:17:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
2801

Error: (04/03/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.9600.1741554503a58msvcrt.dll7.0.9600.17415545055fec0000005000000000000182516cc01d06dff9dbb154eC:\windows\system32\SearchIndexer.exeC:\windows\system32\msvcrt.dllb3fce7c6-da70-11e4-82da-b8ee65e8356a

Error: (04/03/2015 04:27:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1741515f801d06dda54c0fa214294967295C:\windows\syswow64\wwahost.exe6c552845-d9f4-11e4-82da-b8ee65e8356aCWNetwork.TheCW_3.0.0.16_x86__vx96zvq64q0djApp

CodeIntegrity Errors:
===================================
Date: 2015-04-02 08:09:04.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:09:03.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:09:03.496
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:09:03.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:09:02.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:09:02.465
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:08:55.496
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:08:55.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:08:54.683
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-02 08:08:54.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 51%
Total physical RAM: 3544.26 MB
Available physical RAM: 1703.18 MB
Total Pagefile: 7128.26 MB
Available Pagefile: 4151.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.42 GB) (Free:806.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS
Drive e: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8D3E1BAA)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached Files

Addition.txt 38.18KB 290 downloads

#9
zep516

Posted 03 April 2015 - 09:43 PM

Trusted Helper

Malware Removal
8,093 posts

Very good.

You said you ran Malwarebytes, can you post that log, it should paste directly in without attaching it,

To get the Malwarebytes log;

open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

See if you can get that for me. I need some time to look over those logs you posted for me.

Thanks
Joe

#10
BrendanV

Posted 03 April 2015 - 09:49 PM

Member

Topic Starter
Member
18 posts

I believe I may have uninstalled it. Should I download it again?

#11
zep516

Posted 03 April 2015 - 09:55 PM

Trusted Helper

Malware Removal
8,093 posts

I still see it in your uninstall list;
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

So it appears to be still on the computer, maybe you just deleted the desktop short cut. See if you can find it and run a scan with it, quick scan, while I look over the logs.