
High svchost.exe usage, "Whoa! Google Chrome Has Crashed"


  • This topic is locked

#1
thatguy7

  • Member
  • 76 posts

Thanks in advance for your help. Today I noticed my svchost.exe running high and so I updated my MBAM, checked to "check for rootkits", then ran a scan.

During the scan, I got a strange error "Whoa! Google Chrome has crashed. Relaunch Now?" It killed explorer.exe and all I could see on the screen was MBAM. I had to hard reset (thus the disc errors below). Additionally, a while back I lost a massive amount of disc space that was not used. I had assumed my drive was going bad.

Logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by CC (administrator) on CC-PC (18-08-2015 00:14:04)
Running from C:\Users\CC\Desktop
Loaded Profiles: UpdatusUser & CC (Available Profiles: UpdatusUser & CC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Buffalo Inc.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Palm) C:\Program Files\Palm, Inc\novacom\amd64\novacomd.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanDesktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-20] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-05-16] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-05-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-05-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-08-24] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-23] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2013-10-09] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-16] (Google Inc.)
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Run: [Google Update] => C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-20] (Google Inc.)
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77096 2014-03-04] (Intuit Inc.)
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Run: [GoogleChromeAutoLaunch_1E8459BDB4E7600525578057C58C5471] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Run: [Google Photos Backup] => C:\Users\CC\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-10] (Google, Inc)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-05-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2014-06-23]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2014-06-23]
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-02-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2013-10-07] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2013-10-07] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-21] (Google Inc.)
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC6D780C-EB1B-4F44-A11A-A7138E43B09E}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: @citrixonline.com/appdetectorplugin -> C:\Users\CC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\CC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: @talk.google.com/O1DPlugin -> C:\Users\CC\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: @tools.google.com/Google Update;version=3 -> C:\Users\CC\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: @tools.google.com/Google Update;version=9 -> C:\Users\CC\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: tdameritrade.com/thinkorswim -> C:\Users\CC\AppData\Local\thinkorswim\npthinkorswim.dll [2015-06-26] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4140377260-2868218508-1842448753-1001: tdameritrade.com/tossc -> C:\Users\CC\AppData\Local\thinkorswim\nptossc.dll [2015-06-26] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\CC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\CC\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Xmarks - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\[email protected] [2014-06-04]
FF Extension: LastPass - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\[email protected] [2014-06-04]
FF Extension: Forecastfox - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-16]
FF Extension: WebSlingPlayer - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-11-22]
FF Extension: NASA Night Launch - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\[email protected] [2012-04-27]
FF Extension: Classic Compact Options - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\[email protected] [2012-04-27]
FF Extension: ReloadEvery - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2011-12-11]
FF Extension: Adblock Plus - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-27]
FF Extension: Tiny Menu - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2012-04-27]
FF Extension: DownThemAll! - C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\x87j1mqo.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-04-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-10-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2013-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (Google Cast) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-20]
CHR Extension: (Adblock Plus) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-01-19]
CHR Extension: (Rapportive) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2013-08-07]
CHR Extension: (MonoChrome) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlphmmcijokifloflhecnkkhbpdnnk [2015-02-20]
CHR Extension: (Forecastfox) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-04-12]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2013-08-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [240112 2010-10-13] (CyberLink)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-10-13] (Code 42 Software) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2014-06-23] (BUFFALO INC.) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NovacomD; C:\Program Files\Palm, Inc\novacom\amd64\novacomd.exe [46080 2010-01-12] (Palm) [File not signed]
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-12-22] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [16384 2006-10-01] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 DelayMan; C:\Windows\System32\DRIVERS\delayman.sys [20064 2011-05-16] (Ensurebit Inc.)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
R1 winioex; C:\Windows\System32\drivers\winioex.sys [15456 2011-05-16] (Ensurebit Inc.)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 00:14 - 2015-08-18 00:14 - 00030589 _____ C:\Users\CC\Desktop\FRST.txt
2015-08-18 00:13 - 2015-08-18 00:14 - 00000000 ____D C:\FRST
2015-08-18 00:12 - 2015-08-18 00:12 - 02173440 _____ (Farbar) C:\Users\CC\Desktop\FRST64.exe
2015-08-17 23:58 - 2015-08-17 23:58 - 594268471 _____ C:\windows\MEMORY.DMP
2015-07-27 21:41 - 2015-07-27 22:34 - 00000000 ____D C:\Users\CC\Desktop\bottles
2015-07-26 16:41 - 2015-07-26 16:41 - 00000000 ____D C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 00:12 - 2011-05-16 03:54 - 01089760 _____ C:\windows\WindowsUpdate.log
2015-08-18 00:09 - 2013-01-31 19:04 - 00000000 ____D C:\Users\CC\AppData\Local\HTC MediaHub
2015-08-18 00:08 - 2011-05-16 04:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 00:08 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-18 00:08 - 2009-07-13 22:51 - 00151945 _____ C:\windows\setupact.log
2015-08-18 00:02 - 2014-06-23 09:32 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 23:59 - 2013-07-08 11:10 - 00000000 ____D C:\windows\Minidump
2015-08-17 23:51 - 2014-06-23 09:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 23:51 - 2012-12-25 18:21 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-17 23:45 - 2014-07-29 19:56 - 00000562 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4140377260-2868218508-1842448753-1001.job
2015-08-17 23:45 - 2012-12-25 18:21 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-17 23:45 - 2012-03-31 22:48 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-17 23:45 - 2011-05-27 20:57 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-17 23:39 - 2013-09-20 14:20 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001UA.job
2015-08-17 23:21 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-17 23:20 - 2009-07-13 22:45 - 00032304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 23:20 - 2009-07-13 22:45 - 00032304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 01:21 - 2012-01-17 18:25 - 00000000 ____D C:\Users\CC\Documents\1 - Cc
2015-08-12 01:21 - 2011-12-03 02:38 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-08-06 00:17 - 2015-06-17 23:31 - 00000658 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-4140377260-2868218508-1842448753-1001.job
2015-07-29 00:10 - 2015-06-17 23:31 - 00003684 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-4140377260-2868218508-1842448753-1001
2015-07-29 00:10 - 2014-07-29 19:56 - 00003588 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4140377260-2868218508-1842448753-1001
2015-07-27 22:39 - 2013-09-20 14:20 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001Core.job
2015-07-26 16:41 - 2011-05-27 20:38 - 00000000 ____D C:\Users\CC\AppData\Local\Google
2015-07-22 11:02 - 2010-11-20 21:47 - 00218032 _____ C:\windows\PFRO.log
 
==================== Files in the root of some directories =======
 
2014-07-09 19:01 - 2014-07-09 19:01 - 0002074 _____ () C:\Users\CC\AppData\Local\recently-used.xbel
2011-05-28 10:27 - 2011-05-28 10:30 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-01-07 01:39 - 2015-01-25 23:06 - 0001255 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\CC\AppData\Local\Temp\_is1A91.exe
C:\Users\CC\AppData\Local\Temp\_is5E46.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-21 23:38
 
==================== End of log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by CC (2015-08-18 00:15:00)
Running from C:\Users\CC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4140377260-2868218508-1842448753-500 - Administrator - Disabled)
CC (S-1-5-21-4140377260-2868218508-1842448753-1001 - Administrator - Enabled) => C:\Users\CC
Guest (S-1-5-21-4140377260-2868218508-1842448753-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4140377260-2868218508-1842448753-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4140377260-2868218508-1842448753-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASUS RT-N16 Wireless Router Utilities (HKLM-x32\...\{2BF4582C-9BBF-4B55-AB3A-C2375278B13E}) (Version: 4.1.3.5 - ASUS)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.4 - Broadcom Corporation)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
CrashPlan (HKLM\...\{89993433-1D66-4138-8E97-C72CD850CD2B}) (Version: 3.6.4 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digsby (HKLM-x32\...\Digsby) (Version:  - dotSyntax, LLC)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
FileZilla Client 3.7.1 (HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.54.0 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1509 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1509 - CyberLink Corp.) Hidden
Lenovo PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2318.52 - CyberLink Corp.)
Lenovo PowerDVD 10 (x32 Version: 10.0.2318.52 - CyberLink Corp.) Hidden
Lenovo R.I.C. (Robust Intelligent Companion) (HKLM\...\Lenovo R.I.C. (Robust Intelligent Companion)) (Version: 1.0.10.1220 - Lenovo)
Lenovo Smile Dock (HKLM-x32\...\Lenovo Smile Dock) (Version: 2.0.251.1 - DDNi)
Lenovo Smile Dock (x32 Version: 2.0.251.1 - DDNi) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LizardTech DjVu Control (autoinstall) (HKLM-x32\...\DjVu) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.51 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 266.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 266.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenVPN 2.0.9 (HKLM-x32\...\OpenVPN) (Version: 2.0.9 - )
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7108 - CyberLink Corp.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6339 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung ML-1865W Series (HKLM-x32\...\Samsung ML-1865W Series) (Version:  - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SRS Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0200 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
thinkorswim (HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2248 - Citi)
Virtual Account Numbers (x32 Version: 1.0.6.0 - Citi) Hidden
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Driver Package - Palm (WinUSB) Palm Devices  (11/30/2008 1.0.0) (HKLM\...\84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D) (Version: 11/30/2008 1.0.0 - Palm)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\CC\AppData\Local\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\CC\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-09-03 00:21 - 00000884 ____A C:\windows\system32\Drivers\etc\hosts
 
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1FABF3A4-AA4F-4B23-A90C-3D8210DA1563} - System32\Tasks\Lenovo Smile Dock (CC) => C:\Program Files (x86)\DDNI\Lenovo Smile Dock\CenterStage.exe [2010-12-28] (Digital Delivery Networks, Inc.)
Task: {207FEC74-0456-4E24-B270-BF9B88892750} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {5EAFA0B9-42E6-4746-9AAA-02074F181E30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001Core => C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: {67FD0CDE-5741-4BC0-8469-6462B93EB8DC} - System32\Tasks\G2MUpdateTask-S-1-5-21-4140377260-2868218508-1842448753-1001 => C:\Users\CC\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {ACD896F7-7655-41EB-939E-A898E6CE1343} - System32\Tasks\Shutdown 3AM => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {AF872F54-3EA6-4D10-ABA8-92F668BB6C68} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-17] (Adobe Systems Incorporated)
Task: {BB81B3DC-AA8A-4963-BC0E-128FDAA45227} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {BF26D2C7-C163-470B-8A9A-BFCA6C444FF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {E0DC16F6-0F8C-45C5-B4C0-7B5F838EFD24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001UA => C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: {ED2D0BBB-1069-4050-9D97-FC83B915AD01} - System32\Tasks\G2MUploadTask-S-1-5-21-4140377260-2868218508-1842448753-1001 => C:\Users\CC\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-29] (Citrix Online, a division of Citrix Systems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4140377260-2868218508-1842448753-1001.job => C:\Users\CC\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-4140377260-2868218508-1842448753-1001.job => C:\Users\CC\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001Core.job => C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4140377260-2868218508-1842448753-1001UA.job => C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-19 18:43 - 2013-10-28 17:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-05 06:53 - 2011-01-05 06:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-03 02:34 - 2010-06-10 02:02 - 00027648 _____ () C:\windows\System32\ssp8ml6.dll
2011-06-17 08:49 - 2011-06-17 08:49 - 00826880 _____ () C:\windows\system32\spool\DRIVERS\x64\3\ssp8mdu.dll
2011-02-16 11:56 - 2011-02-16 11:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-16 12:01 - 2011-02-16 12:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-12-14 12:05 - 2010-12-14 12:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2014-10-13 13:58 - 2014-10-13 13:58 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-07-07 00:07 - 2015-07-07 00:07 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2011-01-05 06:53 - 2011-01-05 06:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 21:20 - 2011-05-16 04:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 21:20 - 2011-05-16 04:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-05-16 04:39 - 2011-05-16 04:39 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2011-05-16 04:01 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-15 16:43 - 2013-08-15 16:43 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2011-12-03 02:35 - 2010-06-23 02:47 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-12-03 02:35 - 2010-06-09 06:05 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2013-01-31 19:03 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-12-22 17:19 - 2010-12-22 17:19 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-15 16:40 - 2013-08-15 16:40 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 16:41 - 2013-08-15 16:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 16:42 - 2013-08-15 16:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 16:49 - 2013-08-15 16:49 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-02-16 11:51 - 2011-02-16 11:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-16 11:53 - 2011-02-16 11:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-06-18 14:08 - 2013-06-18 14:08 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-29 03:12 - 2013-10-07 13:31 - 00039424 _____ () C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
2015-08-17 23:22 - 2015-08-07 18:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-17 23:22 - 2015-08-07 18:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-17 23:22 - 2015-08-07 18:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
2014-10-24 16:15 - 2014-10-24 16:15 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-05-16 04:00 - 2011-01-12 11:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-12-22 17:19 - 2010-12-22 17:19 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4140377260-2868218508-1842448753-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digsby.lnk => C:\windows\pss\Digsby.lnk.CommonStartup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1548C2B1-445E-4512-9E86-D77D05C3F3B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{1BB58A58-356F-4D86-9DA9-FFADD5E9BB77}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{F30F5F42-2AB1-4ED1-BB40-00E471D5D6AA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{34C1DE60-508C-43AD-BA39-656064DC5EA1}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{80A3B916-7A7E-4611-863F-39F741136BCA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{C129901C-9105-4765-9BB8-9A837ABDEA78}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F42D5DC3-D6C8-4292-832E-BD6263CE5282}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EE9788E2-EB1A-42B9-8F31-D69BF361F9AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B80BBB15-2131-4FD7-BCB3-AC8B53C8075C}] => (Allow) LPort=2869
FirewallRules: [{68CEFED7-5799-49C5-86CE-0587EB2F2F45}] => (Allow) LPort=1900
FirewallRules: [{22B51D30-95C0-4927-8D0D-249DD98B03EA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EC0CD3EF-A76B-46C4-B741-71DB8A25A22D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A18699B0-6BD8-46E9-A069-B4FE56F10B67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9AE53A8D-F785-4536-982A-F7AC5D2CF654}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9113C631-4840-4960-8F19-6BF5EB8429D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0281AB10-95B0-4786-96D6-AAE51AB8AD8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{43ADEA4D-7B74-4CBB-AF4E-F6CB87035046}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E0D7FD89-C965-4DAB-A132-9E8E2F762120}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{6E8D5253-8ACA-4853-AAD1-D3D561CB69B9}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Discovery.exe
FirewallRules: [{DABA75BC-5CA2-4263-B59A-DF63B0430BFB}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Discovery.exe
FirewallRules: [{800D5092-3ADA-4130-9D0C-60EAB1A2794E}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Rescue.exe
FirewallRules: [{6F24BCDA-CB8E-403D-A0DC-F4EC8A082DF0}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Rescue.exe
FirewallRules: [{B537A556-34F0-4A3C-9E0C-EB4295AAE9E2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Download.exe
FirewallRules: [{22D32842-7E8C-4044-9220-6EBCE1DD8A85}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\Download.exe
FirewallRules: [{596980BF-5130-47A3-8EC0-DA745BF47D53}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\LiveUpdate.exe
FirewallRules: [{679364E8-1BBC-4947-A05E-B61CCE4FBB3B}] => (Allow) C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\LiveUpdate.exe
FirewallRules: [TCP Query User{9B712C86-BE77-4376-BFB6-2895E5D9D4BC}C:\program files (x86)\openvpn\bin\openvpn.exe] => (Allow) C:\program files (x86)\openvpn\bin\openvpn.exe
FirewallRules: [UDP Query User{A6B07003-F9E2-4C4A-AB44-42D4D71B618D}C:\program files (x86)\openvpn\bin\openvpn.exe] => (Allow) C:\program files (x86)\openvpn\bin\openvpn.exe
FirewallRules: [TCP Query User{2B31A9A4-2997-4C5D-AE90-F6009E503E63}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F9846932-0407-447D-914A-742A554FC22E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{BD089CE6-083F-4BCF-AA44-8659C71494AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B073BB21-01B4-457A-B113-68C6BE79DED1}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{04261C9C-7C46-452B-B6FF-8105AA9CBFCC}C:\users\cc\appdata\local\thinkorswim\thinkorswim.exe] => (Allow) C:\users\cc\appdata\local\thinkorswim\thinkorswim.exe
FirewallRules: [UDP Query User{4F1B1070-77E4-4C65-BBB8-BBE2556520B9}C:\users\cc\appdata\local\thinkorswim\thinkorswim.exe] => (Allow) C:\users\cc\appdata\local\thinkorswim\thinkorswim.exe
FirewallRules: [{0B91CA56-8022-4641-889F-52651F2D7B59}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C286A880-3020-484C-8F39-89392E9D9D6A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{45A183F7-E191-4589-AE6E-C7FF639E8E48}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FF13385A-28ED-4812-95EE-AF64DFF38B73}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6363CC75-6703-4BA5-98AC-B6162A033F7B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{48C23068-720E-4464-AFA0-3EE3CB0C08CC}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{82EB1FD1-F267-4F0B-A421-0B349099D75C}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{E8F6847E-FD0B-473F-A0B3-455418023DD1}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{A5CA4864-97A8-474E-8E07-6679E9052218}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{655A2997-DA26-488A-9B09-E82CBB3951C0}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{038147F5-6593-48B4-BDF8-F5C2A800A350}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5232B55-B84D-4D3D-9F5F-420B709BF0FD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CACDE21B-8FFE-48AC-896B-C55F618BA183}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{991FA8D3-5C75-43A0-9D68-874BC5D34C5A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3CCD9745-D5B5-429B-8ED2-1538C361C5CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E8F90BEB-DBD3-4650-95FD-DD4A63E675A5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DBFAD240-02DA-4F93-AF39-9636104023F0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C681E86D-5C3C-4240-A6A2-C87D63205105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{03CF5E03-01C4-45D3-850C-BD6D74866ED3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28CAE097-A98D-4C4B-A3F8-99F5C8412DCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B03EECC4-F092-4DD0-89C8-12ACC52E8D43}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{55EC71D4-AFC3-421E-A762-EACFB207DAC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{651422B5-B04E-4646-94B0-62DB8F1993F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002CE5C0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963} - 0000000000000074,0x0053c010,00000000003B5E40,0,00000000003B6E50,4096,[0]).
 
 
Operation:
   Committing shadow copies
 
Context:
   Execution Context: System Provider
 
Error: (08/18/2015 12:13:35 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002CE5C0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/18/2015 12:13:34 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/18/2015 12:08:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:51:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:17:08 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000000000341470).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/17/2015 11:17:08 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000000000341470).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:25 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:25 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
Error: (08/18/2015 12:15:25 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy72.
 
 
Microsoft Office:
=========================
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002CE5C0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12298) (User: )
Description: \\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/18/2015 12:14:50 AM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963} - 0000000000000074,0x0053c010,00000000003B5E40,0,00000000003B6E50,4096,[0])
 
Operation:
   Committing shadow copies
 
Context:
   Execution Context: System Provider
 
Error: (08/18/2015 12:13:35 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002CE5C0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/18/2015 12:13:34 AM) (Source: VSS) (EventID: 12298) (User: )
Description: \\?\Volume{f37766c2-7fa9-11e0-888a-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (08/18/2015 12:08:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:51:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 11:17:08 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000000000341470)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (08/17/2015 11:17:08 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000000000341470)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
CodeIntegrity:
===================================
  Date: 2015-06-12 17:12:04.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-12 17:12:04.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-12 17:12:04.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-12 17:12:04.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-30 18:23:34.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-30 18:23:33.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-11 20:09:23.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-11 20:09:23.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-11 20:09:14.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-11 20:09:14.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 8135.86 MB
Available physical RAM: 3795.26 MB
Total Virtual: 16269.9 MB
Available Virtual: 11216.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:714.01 GB) (Free:8.65 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29.3 GB) (Free:18.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 758.3 GB) (Disk ID: E4BAA469)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=714 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29.3 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of log ============================

Edited by thatguy7, 18 August 2015 - 12:34 AM.

  • 0



#2
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Did you ever have McAfee installed on this computer? If so, did you use the removal tool after you uninstalled it?

Please download the attached fixlist.txt to your desktop, run FRST again, and select the "Fix" button. Post the resulting fixlog.txt for me to review.

Attached Files


  • 0

#3
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts

Thank you very much for your help. If I remember correctly, McAfee came on the PC, which I promptly uninstalled. I likely just uninstalled it from the Program List.

I had an error while running your fixlog that it could not correct a file since it was corrupt. Note: I have been skipping CHKDSK during startup.

Log below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by CC (2015-08-18 20:17:44) Run:1
Running from C:\Users\CC\Desktop
Loaded Profiles: UpdatusUser & CC (Available Profiles: UpdatusUser & CC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
cmd: type C:\Windows\Test.bat
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
FirewallRules: [{C129901C-9105-4765-9BB8-9A837ABDEA78}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F42D5DC3-D6C8-4292-832E-BD6263CE5282}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
EmptyTemp:
 
*****************
 
Restore point was successfully created.
 
=========  type C:\Windows\Test.bat =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
HKU\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C129901C-9105-4765-9BB8-9A837ABDEA78} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F42D5DC3-D6C8-4292-832E-BD6263CE5282} => value removed successfully
EmptyTemp: => 2.2 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:20:18 ====

  • 0

#4
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
How is the computer performing now? Did the MBAM scan you ran earlier find anything?
  • 0

#5
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts
It's running about the same.

Running MBAM is what prompted the odd Google Chrome error. It never completed.
  • 0

#6
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Not really seeing anything in your log. It may be your hard drive causing things to slow down. We should probably run chkdsk soon, but let's do this first:

Step 1: Run JRT:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2: Run adwCleaner.

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Image: AdwScan.jpg]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Step 3: Run aswMBR.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Things I need in your next reply:
  • JRT log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now?

  • 0

#7
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts

aswMBR will not run.  I see the process start in task manager, but then it ends without opening.  Here are the other logs.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Ultimate x64
Ran by CC on Thu 08/20/2015 at  8:44:33.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1E8459BDB4E7600525578057C58C5471
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\CC\Appdata\Local\{1C83D606-3FA7-46C4-B40F-2475E31B9A90}
Successfully deleted: [Empty Folder] C:\Users\CC\Appdata\Local\{3FCAD619-5586-4BBD-AE36-E4C92A33F371}
Successfully deleted: [Empty Folder] C:\Users\CC\Appdata\Local\{5253F059-C81D-4E5A-A1D8-85F80F1B0570}
Successfully deleted: [Empty Folder] C:\Users\CC\Appdata\Local\{56EAD2CF-D335-4350-8EC6-A25A12ED20B7}
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\partner
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\CC\AppData\Roaming\mozilla\firefox\profiles\x87j1mqo.default\minidumps [20 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\CC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\CC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\CC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\CC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/20/2015 at  8:54:51.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v5.002 - Logfile created 20/08/2015 at 08:56:50
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : CC - CC-PC
# Running from : C:\Users\CC\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [821 bytes] ##########
 

  • 0

#8
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Could you please try disabling your AV (Microsoft Security Essentials) temporarily and see if aswMBR will run. Remember to re-enable afterwards, and don't browse the internet while it is disabled.
  • 0

#9
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts
It was disabled from just having run JRT.
  • 0

#10
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's try a different scan.

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
    • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

  • 0

#11
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts

Log below:

 

RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CC [Administrator]
Started from : C:\Users\CC\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/21/2015 00:08:30
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lenovo.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lenovo.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.lenovo.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.lenovo.com -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNB064GMCJ +++++
--- User ---
[MBR] f1190a488b7e84f193d5a91ba1470290
[BSP] a3826651ceeea91f9d6f7b3e1f13456a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 731150 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1497807280 | Size: 30000 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1559247280 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD7500BPVT-24HXZT1 +++++
Error reading User MBR! ([1b] The drive cannot find the sector requested. )
User = LL1 ... OK
User = LL2 ... OK

  • 0

#12
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
I'm sorry, I made a mistake on the link. Could you please run the 64-bit version from here?
  • 0

#13
thatguy7


    Member

  • Topic Starter
  • Member
  • 76 posts

Sorry for the delay.  Here is the report with the 64 bit version of RogueKiller:

 

RogueKiller V10.10.2.0 (x64) [Aug 24 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CC [Administrator]
Started from : C:\Users\CC\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 08/25/2015 23:38:32
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lenovo.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lenovo.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.lenovo.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4140377260-2868218508-1842448753-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.lenovo.com -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNB064GMCJ +++++
--- User ---
[MBR] 478c9643cde8c0be8b9932e4e8b5edf3
[BSP] 64c9ae52419b0fefbed842fe11fd6570 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 731150 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1497807280 | Size: 30000 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1559247280 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD7500BPVT-24HXZT1 +++++
Error reading User MBR! ([1b] The drive cannot find the sector requested. )
User = LL1 ... OK
User = LL2 ... OK

  • 0

#14
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Can you summarize the current problems with the computer for me? I think this may not be malware related.
  • 0

#15
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





