Computer Infected! [Closed]

#1 zerox (New Member, 1 posts)

Hello... My notebook's Webroot security system has been acting weird for like two weeks...

Someday it started to show an alert (which I attached), but I didn't really do anything about it. But now, the alert has changed (about the infection description), and I am very scared.

But I realized that the problem was caused by the same program over and over (`spsetup.exe`).

`Win32.LocalInfect.2` was the name of the different infection type.


FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Wilson (administrator) on WILSON-PC on 01-07-2015 20:50:40
Running from C:\Users\Wilson\Desktop
Loaded Profiles: Wilson (Available Profiles: Wilson)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1043_x64__8wekyb3d8bbwe\onenoteim.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.247\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-04-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-03-25] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2014-12-27] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-12-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-12-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [821192 2015-07-01] (Webroot)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)
AppInit_DLLs:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-04-09]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-04-09]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.lenovo.com
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-04-09] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-04-09] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-04-09] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-04-09] (Webroot)
Tcpip\Parameters: [DhcpNameServer] 201.6.2.103 201.6.2.183
Tcpip\..\Interfaces\{06B3C302-B917-4133-9AC2-18411E0263C3}: [DhcpNameServer] 201.6.2.103 201.6.2.183
Tcpip\..\Interfaces\{66B1569F-7BF2-4686-82BD-A3A1696EEDE4}: [DhcpNameServer] 201.6.2.103 201.6.2.183

FireFox:
========
FF ProfilePath: C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\bek5wgl1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-15] (Nitro PDF)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-04-03]
FF Extension: Webroot Password Manager - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\bek5wgl1.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-04-09]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\bek5wgl1.default\Extensions\[email protected] [2015-04-05]
FF Extension: Adblock Plus - C:\Users\Wilson\AppData\Roaming\Mozilla\Firefox\Profiles\bek5wgl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-04-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [977664 2014-07-10] (Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-08-25] (ClientConnect LTD)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-16] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2014-12-27] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-12-27] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-27] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-10] (Maxthon)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-15] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-15] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-04-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-04-29] (NVIDIA Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [515336 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2014-12-27] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2014-12-27] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-12-27] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-12-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [821192 2015-07-01] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2014-01-29] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 BtuYpjtN; C:\Windows\System32\drivers\BtuYpjtN.sys [116224 2015-06-25] (Webroot)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 HUPQaTIH; C:\Windows\System32\drivers\HUPQaTIH.sys [116224 2015-07-01] (Webroot)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2014-04-29] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-23] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9113304 2014-03-25] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-04-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-07-01] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-03] (Webroot)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S0 HeJVyrVO; System32\drivers\HeJVyrVO.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S0 xYbMRPRu; System32\drivers\xYbMRPRu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 20:50 - 2015-07-01 20:50 - 00031501 _____ C:\Users\Wilson\Desktop\FRST.txt
2015-07-01 20:49 - 2015-07-01 20:50 - 00000000 ____D C:\FRST
2015-07-01 20:46 - 2015-07-01 20:46 - 02112512 _____ (Farbar) C:\Users\Wilson\Desktop\FRST64.exe
2015-07-01 17:32 - 2015-07-01 17:32 - 00116224 _____ (Webroot) C:\windows\system32\Drivers\HUPQaTIH.sys
2015-06-25 23:02 - 2015-06-25 23:02 - 00116224 _____ (Webroot) C:\windows\system32\Drivers\BtuYpjtN.sys
2015-06-16 20:21 - 2015-06-16 20:21 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Wilson\Downloads\flashplayer18au_gd_install.exe
2015-06-13 20:16 - 2015-06-13 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 20:15 - 2015-06-13 20:16 - 00000000 ____D C:\Users\Wilson\Desktop\nfsworld
2015-06-13 19:42 - 2015-06-13 19:42 - 00000000 ____D C:\Users\Wilson\Documents\Need for Speed World
2015-06-12 22:42 - 2015-06-12 22:42 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Need for Speed World
2015-06-12 22:27 - 2015-06-12 22:27 - 00000000 ____D C:\Users\Wilson\AppData\Local\Electronic_Arts_Inc
2015-06-12 22:27 - 2015-06-12 22:27 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-12 22:25 - 2015-06-12 22:25 - 06400680 _____ (Electronic Arts ) C:\Users\Wilson\Downloads\setup_nfsw.exe
2015-06-10 20:48 - 2015-04-08 19:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-10 20:47 - 2015-05-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 20:47 - 2015-05-25 10:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 20:47 - 2015-04-16 03:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-10 20:47 - 2015-04-13 19:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-10 20:47 - 2015-04-13 19:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-10 20:47 - 2015-04-09 21:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-10 20:47 - 2015-04-09 21:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-10 20:47 - 2015-04-08 19:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-10 20:47 - 2015-04-01 19:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-10 20:47 - 2015-04-01 19:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-10 20:47 - 2015-04-01 01:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-10 20:47 - 2015-04-01 01:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-10 20:47 - 2015-04-01 01:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-10 20:47 - 2015-04-01 01:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-10 20:47 - 2015-04-01 00:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-10 20:47 - 2015-04-01 00:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-10 20:47 - 2015-04-01 00:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-10 20:47 - 2015-03-31 23:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-10 20:47 - 2015-03-31 23:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 20:47 - 2015-03-31 23:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-10 20:47 - 2015-03-31 23:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-10 20:47 - 2015-03-31 23:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-10 20:47 - 2015-03-31 23:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-10 20:47 - 2015-03-20 00:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-10 20:47 - 2015-03-20 00:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-10 20:47 - 2015-03-19 23:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-10 20:47 - 2015-03-19 23:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-10 20:47 - 2015-03-01 22:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-10 20:47 - 2015-03-01 22:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-10 20:45 - 2015-06-10 20:45 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\NVIDIA
2015-06-09 21:36 - 2015-05-27 11:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-09 21:36 - 2015-05-27 11:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-09 21:36 - 2015-05-22 15:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-09 21:36 - 2015-04-24 23:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-09 21:36 - 2015-04-24 23:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-09 21:35 - 2015-05-23 00:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-09 21:35 - 2015-05-23 00:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-09 21:35 - 2015-05-23 00:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-09 21:35 - 2015-05-23 00:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-09 21:35 - 2015-05-23 00:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-09 21:35 - 2015-05-22 23:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-09 21:35 - 2015-05-22 23:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-09 21:35 - 2015-05-22 23:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-09 21:35 - 2015-05-22 23:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-09 21:35 - 2015-05-22 23:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-09 21:35 - 2015-05-22 23:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-09 21:35 - 2015-05-22 23:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-09 21:35 - 2015-05-22 23:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-09 21:35 - 2015-05-22 23:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-09 21:35 - 2015-05-22 23:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-09 21:35 - 2015-05-22 23:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-09 21:35 - 2015-05-22 23:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-09 21:35 - 2015-05-22 23:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-09 21:35 - 2015-05-22 16:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-09 21:35 - 2015-05-22 16:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-09 21:35 - 2015-05-22 16:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-09 21:35 - 2015-05-22 15:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-09 21:35 - 2015-05-22 15:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-09 21:35 - 2015-05-22 15:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-09 21:35 - 2015-05-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-09 21:35 - 2015-05-22 15:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-09 21:35 - 2015-05-22 15:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-09 21:35 - 2015-05-22 15:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-09 21:35 - 2015-05-22 15:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-09 21:35 - 2015-05-22 15:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-09 21:35 - 2015-05-22 15:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-09 21:35 - 2015-05-22 15:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-09 21:35 - 2015-05-22 14:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-09 21:35 - 2015-05-22 14:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-09 21:35 - 2015-05-22 14:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-09 21:35 - 2015-05-22 14:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-09 21:35 - 2015-05-22 14:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-09 21:35 - 2015-05-21 13:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-04 23:05 - 2015-05-22 10:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-04 23:05 - 2015-05-21 10:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-04 23:05 - 2015-04-16 19:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-03 20:14 - 2015-06-03 20:14 - 00000000 ____D C:\Users\Wilson\AppData\Local\GWX
2015-06-02 20:41 - 2015-06-08 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 20:50 - 2015-04-09 21:28 - 00000000 ____D C:\ProgramData\WRData
2015-07-01 20:49 - 2015-04-08 16:53 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Skype
2015-07-01 20:34 - 2015-04-05 14:42 - 00000000 ____D C:\Users\Wilson\AppData\Local\Pokki
2015-07-01 20:07 - 2015-04-21 20:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 20:02 - 2013-08-22 12:36 - 00000000 ____D C:\windows\system32\sru
2015-07-01 19:47 - 2014-12-27 05:12 - 01651743 _____ C:\windows\WindowsUpdate.log
2015-07-01 19:39 - 2015-04-05 14:49 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2211272668-336580097-1300332483-1001
2015-07-01 18:44 - 2013-08-22 12:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-01 14:37 - 2015-04-09 21:29 - 00166128 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2015-07-01 14:37 - 2015-04-09 21:29 - 00116224 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2015-07-01 14:37 - 2015-04-09 21:29 - 00103816 _____ (Webroot) C:\windows\system32\WRusr.dll
2015-07-01 14:37 - 2015-04-09 21:29 - 00000770 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-07-01 14:33 - 2015-04-08 20:29 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-01 14:32 - 2015-04-08 16:51 - 00000000 ____D C:\Users\Wilson\OneDrive
2015-06-28 14:43 - 2015-04-21 20:29 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-28 14:43 - 2015-04-08 17:50 - 00000000 ____D C:\Users\Wilson\AppData\Local\Adobe
2015-06-25 21:48 - 2013-08-22 12:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-25 20:12 - 2013-08-22 11:46 - 00032402 _____ C:\windows\setupact.log
2015-06-20 00:02 - 2013-08-22 12:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 00:02 - 2013-08-22 12:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 23:08 - 2014-12-27 06:00 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-06-16 20:21 - 2014-12-27 06:12 - 00000000 ____D C:\ProgramData\Energy Manager
2015-06-15 17:21 - 2015-04-10 22:14 - 00000000 ____D C:\windows\system32\MRT
2015-06-15 17:19 - 2015-04-10 22:14 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 22:41 - 2013-08-22 11:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-11 22:40 - 2014-12-27 06:01 - 00002560 _____ C:\windows\system32\VfService.trf
2015-06-11 22:40 - 2013-08-22 12:36 - 00000000 ___RD C:\windows\ToastData
2015-06-11 22:40 - 2013-08-22 10:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-10 21:27 - 2013-08-22 12:36 - 00000000 ____D C:\windows\rescache
2015-06-10 20:37 - 2013-08-22 11:44 - 00346864 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-10 00:11 - 2013-08-22 12:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-08 18:49 - 2015-04-05 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 18:49 - 2014-03-18 06:44 - 00027664 _____ C:\windows\PFRO.log
2015-06-08 18:47 - 2015-04-15 00:09 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-08 18:47 - 2015-04-15 00:09 - 00000000 ____D C:\windows\system32\appraiser
2015-06-07 19:42 - 2015-04-08 16:52 - 00000000 ____D C:\ProgramData\Skype
2015-06-03 20:12 - 2015-04-09 21:29 - 00041040 ____T (Webroot) C:\windows\system32\Drivers\wrUrlFlt.sys

==================== Files in the root of some directories =======

2015-04-09 21:39 - 2015-04-09 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Wilson\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Wilson\AppData\Local\Temp\oct6440.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\oct7649.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\oct92E.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\octCC62.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-30 23:04

==================== End of log ============================
--------------------------------------------Addition.txt---------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Wilson at 2015-07-01 20:51:02
Running from C:\Users\Wilson\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2211272668-336580097-1300332483-500 - Administrator - Disabled)
Guest (S-1-5-21-2211272668-336580097-1300332483-501 - Limited - Disabled)
Wilson (S-1-5-21-2211272668-336580097-1300332483-1001 - Administrator - Enabled) => C:\Users\Wilson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4505 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 - Nuance Communications, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
Energy Manager (x32 Version: 1.5.0.20 - Lenovo) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Host App Service (HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9840 - Broadcom Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.8 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.8 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1607.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1607.01 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.46 - Lenovo)
Lenovo Settings (x32 Version: 1.0.0.46 - Lenovo) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (x32 Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.3211 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.227 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Magic Transfer (x32 Version: 1.1.1.11 - Lenovo) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 pt-BR)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7257 - Realtek Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.87 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.0.64 - Webroot)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2211272668-336580097-1300332483-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

09-06-2015 22:19:10 Windows Update
12-06-2015 22:38:55 Windows Update
23-06-2015 20:54:12 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05161597-688A-41A4-9B8C-7EFB4A8CC9F7} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-04-05] (Lenovo)
Task: {0792FD9F-6BDC-42BD-A245-DEA7D3E3C0B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-15] (Microsoft Corporation)
Task: {120C4A49-B691-4FD2-AA25-55BDED6CE3FC} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {1BE6194D-D7F2-46FD-AF37-010FFFB94EA9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {45547325-63BA-4E1B-B7D9-2623FC1DD53A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {4A2DCA0E-A290-4068-8B04-30F48EBD21C4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6B24E600-7902-4088-9401-CB43A235B40D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {705E648C-44D7-4B2B-A932-93D37903FD3F} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {9CE40B06-4446-407E-BE0A-F443DB9E0383} - System32\Tasks\Lenovo\StartLenovoMessenger => C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe [2014-11-21] ()
Task: {A6A8FCC3-7C53-489A-91DF-AC67FCEE0B5F} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {D878A609-0CA2-4509-94C7-752E7D559388} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-21] (Synaptics Incorporated)
Task: {DF9F1BE6-419B-4EB6-82D2-125F4CD4E350} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {E378BDFF-E821-478A-94A3-9D89F17A49D0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {FEC96526-CEAB-4D82-B791-152C15AE8004} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-28] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-10 21:33 - 2014-07-10 21:33 - 00049408 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-12-27 06:08 - 2014-12-27 06:08 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2014-05-15 23:39 - 2014-05-15 23:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2014-12-27 06:05 - 2012-04-24 07:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-27 06:01 - 2014-12-27 06:01 - 00068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-12-27 06:01 - 2014-12-27 06:01 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-12-27 05:58 - 2014-07-09 22:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2014-12-27 06:08 - 2014-12-27 06:08 - 00815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2014-12-27 05:25 - 2014-03-24 09:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-27 05:58 - 2014-07-09 22:19 - 00397296 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2014-12-27 05:32 - 2013-10-01 06:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-04-22 00:01 - 2014-04-16 05:29 - 00080312 _____ () C:\windows\system32\igfxexps.dll
2014-03-26 17:50 - 2014-12-27 06:11 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2013-05-09 22:58 - 2013-05-09 22:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-06-10 20:51 - 2015-06-10 20:51 - 02360312 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.247\deploy\LoLLauncher.exe
2015-06-10 20:51 - 2015-06-10 20:51 - 03924472 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\LoLPatcher.exe
2015-04-05 15:21 - 2015-04-05 15:21 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\LolClient.exe
2014-05-28 17:42 - 2014-05-28 17:42 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-12-27 05:21 - 2013-09-16 17:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-08 21:16 - 2015-04-16 14:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-08 21:16 - 2015-04-22 23:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-08 21:16 - 2015-06-04 15:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-08 21:16 - 2015-04-22 23:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-08 21:16 - 2015-04-22 23:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-08 21:15 - 2014-12-01 18:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-08 21:15 - 2014-12-01 18:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-08 21:15 - 2014-12-01 18:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-08 21:15 - 2014-12-01 18:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-08 21:15 - 2014-12-01 18:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-08 21:16 - 2015-06-04 15:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-05-28 17:42 - 2014-05-28 17:42 - 02401032 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2014-12-27 06:06 - 2014-07-04 01:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 17:35 - 2014-07-04 17:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-04-08 21:16 - 2015-05-11 16:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-28 17:15 - 2015-04-28 17:15 - 00569856 _____ () C:\Users\Wilson\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 17:15 - 2015-04-28 17:15 - 01400846 _____ () C:\Users\Wilson\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 17:15 - 2015-04-28 17:15 - 00151054 _____ () C:\Users\Wilson\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 17:15 - 2015-04-28 17:15 - 00222734 _____ () C:\Users\Wilson\AppData\Local\Pokki\Engine\avformat-54.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 17:53 - 2013-03-07 17:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 21:55 - 2010-01-12 21:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 21:55 - 2010-01-12 21:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 17:16 - 2010-12-16 17:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2010-01-18 04:34 - 2010-01-18 04:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 17:55 - 2013-03-07 17:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 17:58 - 2013-03-07 17:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 17:54 - 2013-03-07 17:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 17:56 - 2010-12-17 17:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2015-06-10 20:51 - 2015-06-10 20:51 - 01672696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.31\deploy\RiotLauncher.dll
2015-04-05 15:12 - 2015-04-05 15:12 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Wilson\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 201.6.2.103 - 201.6.2.183

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{011A56CD-40E6-4DD3-B7A3-FE81F5E66294}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD788B2A-915E-4793-A549-62DB52E19FF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D160A631-83B8-47C6-B5E3-6C828CCCF2C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{844E074C-3B25-4343-BEAB-64E45E3173B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0766482D-89AD-45BB-A911-7A77206FBB8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F7AE8CCB-D059-4BA0-AE3C-594405E697C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{682C5AE8-68BE-4059-AFC9-962FF6F67879}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{45010990-E816-4C7D-99A5-9B75F9B770BC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4D33A9A7-7022-482C-8625-3B82C6288343}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{8C564D88-EADB-4528-A0B2-6DD57171B1EE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D1CEF551-7314-4B2C-8F7F-62B00BF4359C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BB2B8FAA-455E-4C7F-9068-256D678CC577}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DC510D81-C3D7-4048-A410-6BAE717BE3B3}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{67FB6F8E-DA5F-43B4-9D23-9D1549DE5345}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{438ED4C2-F252-46CE-ACAE-903816ADD354}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C9B1FAC4-0661-406A-A134-16585378C2FE}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{71AF4EBE-8895-4F73-B8F4-F57DFC4E256E}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
FirewallRules: [{A2836DA2-ED0C-4991-9263-848D667F7EFE}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{5157769C-5D5E-48FC-9896-EFB5401610DA}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{DD51BE98-1900-43DC-91A2-3999A1D24D44}] => (Allow) LPort=55100
FirewallRules: [{6A0EF912-F92C-4843-90F3-60777D047E2F}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{9D2963DA-A067-40B0-ACFB-021264D583AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B711E22-FE35-423F-B522-DDD9CDD8FE94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{663E3F88-C36F-4E73-9BD5-6D201C7B129C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{622E8E38-DB4F-443E-8544-91723AA63617}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A989FF8-9AC4-44A8-B499-C8FE26440502}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84028039-9A37-413E-9C23-7B0B8C1B5DE0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5DED6A1-7483-421F-BA9A-03C44D7BFBA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4EBD59EC-7962-4864-81A5-8D90C86EA12E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{D68B5A56-B87D-4113-B035-2545F6EA77ED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{78B944CA-5C2C-4B4F-9F3A-327645DBE3D9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2F716908-9399-43C7-AAB3-2E663ED395E1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7C90C2D9-4D18-4943-9096-D564221F8EED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D1D200E-F90A-4C29-9483-84491E603279}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4E93893F-BAC3-48B4-96D1-CACF79999379}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2ADADB2-992B-4A20-9881-F0BE0A699F28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32541EE6-DF9E-480D-A028-ED45A7982848}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{315D8922-326C-4C66-8264-BCEBCF6DA8CA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{F65D343C-8917-4A61-AAB6-D3D264B54EBF}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 11:45:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/30/2015 11:04:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume WINRE_DRV was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/29/2015 00:04:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/27/2015 08:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0006dd76
Faulting process id: 0xf88
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3
Faulting package full name: LolClient.exe4
Faulting package-relative application ID: LolClient.exe5

Error: (06/26/2015 10:00:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/26/2015 10:00:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/26/2015 10:00:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2015 10:17:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume WINRE_DRV was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/23/2015 09:20:47 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_rads_riotgames_comLoLPatcherUx4632621

Error: (06/21/2015 11:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 67828


System errors:
=============
Error: (06/30/2015 11:45:50 PM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/30/2015 11:45:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/29/2015 00:04:59 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/29/2015 00:04:59 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/29/2015 00:04:58 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/29/2015 00:04:58 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/29/2015 00:04:52 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/28/2015 04:35:36 PM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/28/2015 04:35:36 PM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/28/2015 01:03:14 AM) (Source: DCOM) (EventID: 10010) (User: WILSON-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office:
=========================
Error: (06/30/2015 11:45:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/30/2015 11:04:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRE_DRVThe parameter is incorrect. (0x80070057)

Error: (06/29/2015 00:04:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/27/2015 08:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76f8801d0b132e2b50d2aC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.149\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll55a8b3b8-1d27-11e5-826d-1008b1e4d150

Error: (06/26/2015 10:00:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/26/2015 10:00:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/26/2015 10:00:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILSON-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/23/2015 10:17:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRE_DRVThe parameter is incorrect. (0x80070057)

Error: (06/23/2015 09:20:47 PM) (Source: BugSplat) (EventID: 1) (User: )
Description: lol_rads_riotgames_comLoLPatcherUx4632621

Error: (06/21/2015 11:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 67828


CodeIntegrity Errors:
===================================
  Date: 2015-05-17 19:54:17.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 19:52:06.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-09 02:01:57.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16296.27 MB
Available physical RAM: 12750.62 MB
Total Pagefile: 18728.27 MB
Available Pagefile: 14787.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.91 GB) (Free:821.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20D24568)

Partition: GPT Partition Type.

==================== End of log ============================

Attached Thumbnails

  • wbrootdetected.png



#2 Sugartooth (Member, 881 posts)

Hello zerox and Welcome to Geeks to Go! :)

My name is Sugartooth and I will be helping you with your malware removal. I am currently in training so my posts will need to be reviewed by my instructor. On the positive side, you get to have two people working towards a resolution of your computer problems instead of just one. ;)

A few important points to go over before we begin:

  • I highly recommend backing up any critical personal files on your machine to a safe place (not on this computer) before we start as it is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. Running other programs can interfere with the tools we use and hinder the cleaning process by producing unpredicted results.
  • Please make sure that all the programs I ask you to download are downloaded to, and run from, your Desktop.
  • This is a complicated process. It will require several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order. Just because you no longer see any symptoms, doesn't mean all the malware has been removed. I will need for you to stay with me until I tell you that your computer is clean.
  • Once your computer has been given a clean bill of health, I will give you instructions on how to remove all the tools that I had you install.
  • Since I am not physically able to view your computer, I will need for you to describe as fully as possible what symptoms you are experiencing and any changes between fixes.
  • If at any time you do not understand my instructions, or something unexpected happens, DO NOT CONTINUE. STOP AND ASK. I will get back to you as soon as I can. If you do not hear from me in 48 hours, send me a PM (Private Message).
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • I recommend printing out these instructions so that you will be able to refer to them while working on your machine or save it to Notepad and place it on your Desktop. Part of the solution to your problem may involve us working in Safe Mode and you will need them to go by.
    • To access Notepad, click on the Start Menu>All Programs>Accessories>Notepad.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, this topic will be closed and you will need to request that it be reopened. To do so, please contact me or any Moderator with the address of this thread by PM (Private Message).

 

I'm currently in the process of reviewing your logs. Please be patient. I'll get back to you as soon as I can. :)



#3 Sugartooth (Member, 881 posts)

Hello zerox, :)

Sorry about the delay.

Step 1
Program Uninstalls

I will be removing Pokki from your machine as it's a Potentially Unwanted Program. It's related to Conduit. You can read about that here.

Classic Shell is a good alternative. It can be downloaded here if you'd like.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. If you are asked to restart the computer, answer No until all the programs have been uninstalled and then you can restart. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended.

Go to Control Panel > Programs and Features, and uninstall the following programs. If you aren't sure how to get there, see this link.

aTube Catcher
Host App Service
Lenovo Browser Guard
Start Menu (This would be from Pokki)





Step 2
FRST Fix

1. Open notepad (Go to Search (looks like a magnifying glass) in the upper right of your screen and type Notepad). Copy/paste the text present inside the code box below.
To Copy: Highlight the contents of the box, right-click on it, and choose Copy. To Paste: In the opened notepad, right-click and select Paste.

Warning: These fixes have been customized for this computer only. If you are NOT this user, DO NOT follow these directions as the tools used may damage your computer.
 

Start
CreateRestorePoint:
CloseProcesses:
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\LenovoBrowserGuard
(ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
C:\Users\Wilson\AppData\Local\Pokki
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Wilson\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\...\Run: [Power2GoExpress8] => [X]
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 201.6.2.103 201.6.2.183
Tcpip\..\Interfaces\{06B3C302-B917-4133-9AC2-18411E0263C3}: [DhcpNameServer] 201.6.2.103 201.6.2.183
Tcpip\..\Interfaces\{66B1569F-7BF2-4686-82BD-A3A1696EEDE4}: [DhcpNameServer] 201.6.2.103 201.6.2.183
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-08-25] (ClientConnect LTD)
U0 SR; No ImagePath
U2 srservice; No ImagePath
2015-06-10 20:48 - 2015-04-08 19:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-07-01 20:34 - 2015-04-05 14:42 - 00000000 ____D C:\Users\Wilson\AppData\Local\Pokki
2015-04-09 21:39 - 2015-04-09 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Wilson\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Wilson\AppData\Local\Temp\oct6440.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\oct7649.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\oct92E.tmp.exe
C:\Users\Wilson\AppData\Local\Temp\octCC62.tmp.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2211272668-336580097-1300332483-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Hosts:
CMD: bitsadmin /reset /allusers
EmptyTemp:
End

2. Click on File > Save as... and a Save As box will appear.

  • You will need to save this file to your Desktop. Under Favorites in the left column, locate Desktop and click on it.
  • Inside the File Name: box type fixlist.txt
  • Click the Save button and the box will close.

You can now close Notepad by clicking on the X in the top right corner.

NOTE: => It's important that both files, FRST64 and fixlist.txt are in the same location (on the Desktop) or the fix will not work.


3. Right click FRST64 and select Run as administrator. When the tool opens click Yes to the UAC. Click the Fix button just once and wait.
NOTE: => FRST may check and download an updated version.
After the completion, a log (Fixlog.txt) will be produced. Copy and Paste the contents of the log in your next reply.



Step 3
Scan with AdwCleaner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here. Re-enable them after you have completed the steps.

I would like for you to do a Scan only. Do not use the Cleaning feature.

1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right click on AdwCleaner and select Run as administrator. Accept the User Account Control prompt.
4. The first time the tool is opened, you will need to accept the Terms of use.

[Screenshot: legit-adwcleaner.jpg]

5. Click on Scan.
6. Once the scan has finished, it will say Waiting for action. Please uncheck elements you want to keep.
7. Click on the Logfile button. AdwCleaner[R0].txt will open. Copy and paste the log into your next reply for my review.
8. Close the program by clicking on the X located in the top right corner. Click Yes to confirm you want to close the program without cleaning.
*The log is also saved at C:\AdwCleaner\AdwCleaner[R0].txt



Step 4
VirusTotal

  • Go to the VirusTotal site.
  • Click the button shown in the screenshot (2iYNRMQ.png).
  • Copy and paste the following files, one at a time, in File name:

c:\windows\system32\drivers\HeJVyrVO.sys
c:\windows\system32\drivers\xYbMRPRu.sys

  • Click Open.
  • Click the button shown in the screenshot (gGOGEK4.png).

Note: If you receive a message saying that the file has already been analysed, click the button shown in the screenshot (S11rBhz.png).

  • Wait for VirusTotal to upload the file and analyze it.
  • When the scanning is done, copy and paste the VirusTotal URL links (located in the Address Bar) from that scanning into your next reply.

 

Things I need to see in your next posting:

1. Were you able to uninstall all the programs?
2. Fixlog.txt
3. AdwCleaner[R0].txt
4. VirusTotal links to files
5. Information on how your computer is running now.


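As an added example that is not part of this thread and not an FRST or Geeks to Go tool, the following hypothetical PowerShell script (assumes an elevated prompt on the affected machine) reads back the registry items the fixlist above targets without changing anything, so the per-user EXE associations, AppInit_DLLs, the stale SafeBoot mcpltsvc keys and the DHCP DNS servers can be compared before and after the fix:

```powershell
# Added example, not from the thread: read-only audit of the registry items
# the FRST fixlist above targets. Run from an elevated PowerShell prompt.
# HKU: is mapped explicitly because it is not a default PowerShell drive.
$ErrorActionPreference = 'SilentlyContinue'
if (-not (Get-PSDrive -Name HKU)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Per-user .exe / exefile associations. The machine-wide defaults live in
#    HKLM\Software\Classes; a copy under HKU\<sid>\Software\Classes takes
#    precedence for that user, which is why FRST marks these entries ATTENTION
#    even when the command is still the normal "%1" %*.
foreach ($hive in Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' }) {
    $sid = $hive.PSChildName
    foreach ($sub in '.exe', 'exefile', 'exefile\shell\open\command') {
        $key = "HKU:\$sid\Software\Classes\$sub"
        if (Test-Path $key) {
            $default = (Get-ItemProperty -Path $key).'(default)'
            $findings.Add("EXE assoc: $key -> '$default'")
        }
    }
}

# 2. AppInit_DLLs in the 64-bit and WOW64 views. DLLs listed here are loaded
#    into every process that links user32.dll; the fixlist clears the
#    LenovoBrowserGuard (ClientConnect) entries.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $key
    if ($p.AppInit_DLLs) {
        $findings.Add("AppInit_DLLs ($key): '$($p.AppInit_DLLs)' LoadAppInit_DLLs=$($p.LoadAppInit_DLLs)")
    }
}

# 3. Leftover SafeBoot entries for mcpltsvc (a service whose binary is no
#    longer on the machine, per the log).
foreach ($mode in 'Minimal', 'Network') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode\mcpltsvc"
    if (Test-Path $key) { $findings.Add("SafeBoot\$mode\mcpltsvc still present") }
}

# 4. DNS servers handed out by DHCP, per interface, for comparison with the
#    DhcpNameServer values in the log (201.6.2.103 / 201.6.2.183).
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem $ifRoot) {
    $dns = (Get-ItemProperty -Path $if.PSPath).DhcpNameServer
    if ($dns) { $findings.Add("DhcpNameServer $($if.PSChildName): $dns") }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it once before the FRST fix and once after; any EXE-association, AppInit_DLLs or SafeBoot line that survives the fix is worth raising in the next reply.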

#4 Sugartooth (Member, 881 posts)

Hi zerox,

 

Are you having any trouble with my instructions?
 



#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

