Persistent Html Script.Inf Virus/Malware That Hides In The Registry [S


  • This topic is locked

#1
legna

Member
147 posts
Hi,

I have been infected with a very persistent html script.inf virus. The PC behaves quite normally, and in no way would I have discovered that I had been infected had I not logged in to our own members' website.
It is OK when I log in to the website itself. I do not receive any pop-ups.
I can look around the site without any problem.

IT ONLY HAPPENS WHEN I LOG IN TO my OWN SPECIFIC ACCOUNT IN THIS WEBSITE.
Whenever I key in my password to log in, Avast comes up with the pop-up: infection blocked.
At times the infection is html script.inf, and at other times when I try to log in the infection is Url:Mal.
In the pop-up, the redirected URL is mtestcity. And at times, the object itself is our member website URL.

 
Enclosed are 3 screenshots of avast pop ups:
url1.jpg
url2.jpg


 
Initially, I thought that the company site may have been infected. But other people have no problem logging in. Then I thought that maybe my Firefox could have been infected. I deleted my Firefox and reinstalled a new one, but the virus or malware was still there. I scanned my PC with Malwarebytes and it found nothing.
I then proceeded to scan with Avast. It also found nothing.
Even HitmanPro found nothing!
AdwCleaner found nothing.
JRT (Junkware Removal Tool) found absolutely nothing too!

 
Trend Micro Fake Antivirus (FakeAV) Removal Tool 1.0.1019 did find 3 registry entries, which I deleted immediately.
Enclosed is the log txt file:

Fake Antivirus Remover 1.0.0.1019

Pattern version: 100008

Scan mode: Scan All Processes
Time elapsed: 00 minute(s), 01 second(s)

Summary
------------------------------------
Processes Detected: 0
Files Detected: 0
Folders Detected: 0
Registry Keys Detected: 3
Registry Values Detected: 0
Registry Data Detected: 0

Detailed Information
------------------------------------
Registry Keys Detected:
HKCR\*\shellex\ContextMenuHandlers\SimpleShlExt -> Delete (Quarantined and deleted successfully.)
HKCR\Directory\shellex\ContextMenuHandlers\SimpleShlExt -> Delete (Quarantined and deleted successfully.)
HKCR\Drive\shellex\ContextMenuHandlers\SimpleShlExt -> Delete (Quarantined and deleted successfully.)

 
 
Following this, I scanned it with RogueKiller and it found 2 more suspicious entries plus 2 more grey items. I could not delete them as it gave me error 5.
I finally deleted them with RogueKiller in safe mode.
Here's a screenshot of the registry entries found in RogueKiller:
roguekiller for url infection prtscrn.jpg

 
I then logged back in to that website, but Avast still pops up with infection blocked.

Finally, I performed a HijackThis scan.
Here's the log file. Please diagnose.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:59:34 AM, on 01-Sep-15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
FIREFOX: 40.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\LENOVO\Desktop\Removal Tools\hijackthis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKCU\..\Run: [Wondershare Helper Compact] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-21-122341192-2292051211-3585160535-1001\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MobileGo Service.lnk = C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Users\LENOVO\AppData\Roaming\flvcd\flvcd_link.htm
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Users\LENOVO\AppData\Roaming\flvcd\flvcd_href.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Run Video Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe (file missing)
O9 - Extra 'Tools' menuitem: Video Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\FLV Downloader\FLVDownloader(xmlbar).exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12334 bytes


Please help. Thank you.

Edited by Naathim, 03 September 2015 - 04:20 PM.
Removed sensitive data

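The three keys the FakeAV log reported are shell context-menu handler registrations: each subkey under HKCR\<class>\shellex\ContextMenuHandlers holds a CLSID, and HKCR\CLSID\<clsid>\InprocServer32 names the DLL that Explorer loads for it. Before deleting such keys it is worth knowing what DLL they point to, whether that file still exists, and whether it is signed. The script below is an added example written for this page; it is not the FakeAV tool's or RogueKiller's logic and not anything the poster ran. It takes the three classes from the log (`*`, `Directory`, `Drive`; the `$classes` list and the `Resolve-ClsidServer` helper are this example's own names) and prints one row per handler, flagging any whose server DLL cannot be resolved, is missing, or does not carry a valid Authenticode signature. It consults both the 64-bit and the Wow6432Node CLSID hives, which goes slightly beyond the single key names in the log.

```powershell
# Added example (not from the thread): audit shell context-menu handlers under HKCR.
# Run in an elevated PowerShell on the machine being triaged (Windows 8.1 / PowerShell 4 is enough).

# Classes named in the FakeAV log; add 'Folder' or 'AllFilesystemObjects' to widen the sweep.
$classes = @('*', 'Directory', 'Drive')

function Resolve-ClsidServer {
    # Map a CLSID to the in-process server DLL, checking the 64-bit hive first,
    # then the 32-bit (Wow6432Node) hive. Returns $null if neither has an entry.
    param([string]$Clsid)
    $hives = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32"
    )
    foreach ($h in $hives) {
        if (Test-Path -LiteralPath $h) {
            $raw = (Get-ItemProperty -LiteralPath $h).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw).Trim('"') }
        }
    }
    return $null
}

$results = foreach ($class in $classes) {
    # -LiteralPath is required: '*' is a real key name here, not a wildcard.
    $base = "Registry::HKEY_CLASSES_ROOT\$class\shellex\ContextMenuHandlers"
    if (-not (Test-Path -LiteralPath $base)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $base) {
        # The handler's CLSID is normally the key's default value; some handlers
        # use the GUID itself as the key name with no default value set.
        $clsid = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
        if (-not $clsid) { $clsid = $key.PSChildName }

        $dll    = Resolve-ClsidServer -Clsid $clsid
        $exists = $dll -and (Test-Path -LiteralPath $dll)
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }

        [pscustomobject]@{
            Class     = $class
            Handler   = $key.PSChildName
            CLSID     = $clsid
            DLL       = $dll
            Exists    = [bool]$exists
            Signature = $sig
            # Anything with no resolvable server, a missing file, or a non-Valid
            # signature is worth a closer look before deciding whether to remove it.
            Suspect   = (-not $exists) -or ($sig -ne 'Valid')
        }
    }
}

$results | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

Because HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, a handler registered only for the current user (which needs no administrator rights to write) shows up in the same listing as machine-wide ones; if a row looks suspicious, check which of the two underlying hives actually holds it, since that determines the scope of the persistence and which account's profile to clean.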
#2
Bruce1270

Trusted Helper
Malware Removal
1,603 posts
Hello legna and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem. :)

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses; if there is no reply within 4 days, the topic will be closed and you will need to request that the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    We no longer use Hijack This as the main diagnostic log. Instead I would like you to run Farbar Recovery Scan Tool.


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

    Thanks


#3
legna

Topic Starter
Member
147 posts

Hi Bruce,

Here's the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by LENOVO (administrator) on IDEA-PC (02-09-2015 06:26:33)
Running from C:\Users\LENOVO\Desktop\Removal Tools
Loaded Profiles: UpdatusUser & LENOVO (Available Profiles: UpdatusUser & LENOVO)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-30] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-03] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKU\S-1-5-21-122341192-2292051211-3585160535-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-07] (AVAST Software)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-15] (SugarSync, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2013-09-28]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D4F0B1D2-BCEE-4F56-ACF4-C1F8BBA110CA}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-122341192-2292051211-3585160535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-122341192-2292051211-3585160535-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-122341192-2292051211-3585160535-1002 -> {9426B79F-2D6F-4DDF-B22D-3200A6394DE2} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-30] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-07] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-07] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\LENOVO\funshion\funshiontools\npFunshion.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-07-24] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\searchplugins\lazy-inbox.xml [2013-09-11]
FF Extension: YouTube Video and Audio Downloader - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2015-02-26]
FF Extension: Firebug - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2013-09-10]
FF Extension: 硕鼠下载助手(FLVCD Helper) - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2014-10-07]
FF Extension: Sort Tabs - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2014-09-11]
FF Extension: The Addon Bar (restored) - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2015-04-08]
FF Extension: YouTube to MP3 - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2014-02-04]
FF Extension: Screengrab  (fix version) - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-09-10]
FF Extension: FlashGot - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-12-18]
FF Extension: eBay Toolbar - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{249df6a2-e336-47d1-b6c3-ec711ad140ca}.xpi [2015-04-23]
FF Extension: Ebates Cash Back - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2015-03-25]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-02-26]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-13]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-04-13]
FF HKU\S-1-5-21-122341192-2292051211-3585160535-1002\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Media Cope\Extensions\wifv
FF Extension: Media Cope - Web Image Fullscreen Viewer - C:\Program Files (x86)\Media Cope\Extensions\wifv [2014-01-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-07] (AVAST Software)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-07] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-07] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-07] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [58952 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-03-17] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18504 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [189000 2013-03-17] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-01] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-01] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [990976 2012-10-23] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 06:26 - 2015-09-02 06:26 - 00000000 ____D C:\FRST
2015-09-01 05:11 - 2015-09-01 05:11 - 00000000 ____D C:\Users\LENOVO\AppData\Local\2Browse
2015-09-01 01:29 - 2015-09-01 01:29 - 00246745 _____ C:\Users\LENOVO\AppData\Local\census.cache
2015-09-01 01:29 - 2015-09-01 01:29 - 00095659 _____ C:\Users\LENOVO\AppData\Local\ars.cache
2015-09-01 01:21 - 2015-09-01 01:21 - 00000036 _____ C:\Users\LENOVO\AppData\Local\housecall.guid.cache
2015-09-01 00:39 - 2015-09-01 00:39 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-08-31 23:57 - 2015-09-01 02:23 - 00000000 ____D C:\Users\LENOVO\Desktop\FakeAVRemover
2015-08-31 23:03 - 2015-09-02 06:26 - 00000000 ____D C:\Users\LENOVO\Desktop\Removal Tools
2015-08-31 16:49 - 2015-08-31 16:49 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-31 16:49 - 2015-08-31 16:49 - 00001170 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-31 16:49 - 2015-08-31 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-31 16:49 - 2015-08-31 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 16:45 - 2015-08-31 16:45 - 00000000 ____D C:\Users\LENOVO\Desktop\firefox
2015-08-30 21:10 - 2015-08-30 21:10 - 00000000 ____D C:\Users\LENOVO\AppData\Local\Downloaded Installations
2015-08-29 20:15 - 2015-08-30 17:44 - 00000000 ____D C:\Users\LENOVO\Desktop\teresa
2015-08-27 01:27 - 2015-09-01 06:34 - 00000000 ____D C:\Users\LENOVO\Desktop\after windows 8.1 upgrade,Internet Connection but Browsers do not work
2015-08-26 08:55 - 2015-08-26 08:55 - 01605632 _____ C:\Users\LENOVO\Desktop\adwcleaner_5.003.exe
2015-08-26 01:14 - 2015-08-26 01:14 - 00000000 ____D C:\Users\LENOVO\AppData\Local\GWX
2015-08-25 05:59 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-25 05:59 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-24 06:47 - 2015-05-25 21:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-24 06:47 - 2015-05-25 21:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-24 06:43 - 2015-08-24 06:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-24 06:43 - 2015-08-24 06:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-24 06:43 - 2015-08-24 06:43 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-24 02:14 - 2015-08-28 04:21 - 00000000 ____D C:\Users\LENOVO\Desktop\Maju Forms
2015-08-23 18:25 - 2015-08-25 16:09 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-23 18:25 - 2015-08-23 02:27 - 00000000 __SHD C:\Recovery
2015-08-23 18:24 - 2015-08-23 18:24 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-08-23 18:23 - 2015-08-23 18:23 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-08-23 18:23 - 2015-08-23 18:23 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-08-23 18:23 - 2015-08-23 18:23 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-23 18:23 - 2015-08-23 18:23 - 00000000 ____D C:\Program Files\MSBuild
2015-08-23 18:23 - 2015-08-23 18:23 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-23 18:23 - 2015-08-23 18:23 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-23 18:23 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-23 18:23 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-23 05:46 - 2015-08-23 05:46 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-23 04:54 - 2015-08-24 08:10 - 00000000 ____D C:\Users\LENOVO\Desktop\馬雲(all copied)
2015-08-23 04:22 - 2015-07-30 22:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 04:22 - 2015-07-30 21:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 04:01 - 2015-04-30 07:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-08-23 04:01 - 2015-01-27 11:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-23 04:01 - 2015-01-24 09:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-23 04:01 - 2014-11-10 10:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-08-23 04:01 - 2014-11-10 09:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-08-23 04:01 - 2014-10-31 07:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-08-23 04:01 - 2014-10-31 07:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-08-23 03:51 - 2015-03-18 01:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-23 03:51 - 2015-01-23 15:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-08-23 03:51 - 2015-01-23 13:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-08-23 03:50 - 2015-07-19 09:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-23 03:50 - 2015-07-19 02:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-23 03:50 - 2015-07-19 02:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-23 03:50 - 2015-07-19 02:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-23 03:50 - 2015-07-19 02:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-23 03:50 - 2015-07-19 02:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-23 03:50 - 2015-07-19 02:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-23 03:50 - 2015-07-19 02:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-23 03:50 - 2015-07-19 02:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-23 03:50 - 2015-07-19 02:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-23 03:50 - 2015-07-19 02:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-23 03:50 - 2015-07-19 02:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-23 03:50 - 2015-07-17 04:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-23 03:50 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-23 03:50 - 2015-07-17 04:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-23 03:50 - 2015-07-17 04:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-23 03:50 - 2015-07-17 04:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-23 03:50 - 2015-07-17 04:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-23 03:50 - 2015-07-17 03:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-23 03:50 - 2015-07-17 03:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-23 03:50 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-23 03:50 - 2015-07-17 03:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-23 03:50 - 2015-07-17 03:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-23 03:50 - 2015-07-17 03:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-23 03:50 - 2015-07-17 03:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-23 03:50 - 2015-07-17 03:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-23 03:50 - 2015-07-17 03:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-23 03:50 - 2015-07-17 03:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-23 03:50 - 2015-07-17 03:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-23 03:50 - 2015-07-17 03:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-23 03:50 - 2015-07-17 03:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-23 03:50 - 2015-07-17 03:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-23 03:50 - 2015-07-17 03:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-23 03:50 - 2015-07-17 03:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-23 03:50 - 2015-07-17 03:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-23 03:50 - 2015-07-17 03:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-23 03:50 - 2015-07-17 02:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-23 03:50 - 2015-07-17 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-23 03:50 - 2015-07-17 02:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-23 03:50 - 2015-07-17 02:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-23 03:50 - 2015-07-17 02:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-23 03:50 - 2015-07-10 02:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-23 03:50 - 2015-06-28 13:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-08-23 03:50 - 2015-06-28 13:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-08-23 03:50 - 2015-06-28 13:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-23 03:50 - 2015-06-28 13:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-08-23 03:50 - 2015-06-28 00:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-23 03:50 - 2015-06-27 11:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-08-23 03:50 - 2015-06-27 11:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-08-23 03:50 - 2015-06-27 11:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-08-23 03:50 - 2015-06-27 11:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-23 03:50 - 2015-06-27 11:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-23 03:50 - 2015-06-27 10:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-08-23 03:50 - 2015-06-27 10:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-23 03:50 - 2015-06-27 10:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-23 03:50 - 2015-06-27 10:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-08-23 03:50 - 2015-06-27 09:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-08-23 03:50 - 2015-06-27 09:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-08-23 03:50 - 2015-06-16 06:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-23 03:50 - 2015-06-16 06:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-08-23 03:50 - 2015-06-16 06:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-23 03:50 - 2015-06-16 06:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-08-23 03:50 - 2015-06-16 05:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-08-23 03:50 - 2015-06-16 05:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-08-23 03:50 - 2015-06-16 05:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-08-23 03:50 - 2015-06-16 05:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-23 03:50 - 2015-06-16 05:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-08-23 03:50 - 2015-06-16 05:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-23 03:50 - 2015-06-16 04:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-08-23 03:50 - 2015-06-16 04:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-08-23 03:50 - 2015-06-16 04:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-08-23 03:50 - 2015-06-16 04:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-08-23 03:50 - 2015-06-16 04:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-08-23 03:50 - 2015-06-16 04:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-08-23 03:50 - 2015-06-16 04:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-08-23 03:50 - 2015-06-16 04:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-08-23 03:50 - 2015-06-16 04:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-08-23 03:50 - 2015-06-16 03:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-08-23 03:50 - 2015-06-10 02:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-23 03:50 - 2015-05-31 05:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-08-23 03:50 - 2015-05-31 03:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-23 03:50 - 2015-05-31 03:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-23 03:50 - 2015-05-23 11:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-08-23 03:50 - 2015-05-23 02:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-08-23 03:50 - 2015-05-23 02:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-08-23 03:50 - 2015-05-08 01:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-23 03:50 - 2015-05-08 01:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-23 03:50 - 2015-05-08 00:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-23 03:50 - 2015-05-08 00:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-23 03:50 - 2015-05-07 23:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-08-23 03:50 - 2015-05-07 23:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-08-23 03:50 - 2015-05-03 08:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-23 03:50 - 2015-05-01 07:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-08-23 03:50 - 2015-05-01 06:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-08-23 03:50 - 2015-04-22 00:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-08-23 03:50 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-08-23 03:50 - 2015-04-10 08:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-23 03:50 - 2015-04-10 08:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-23 03:50 - 2015-03-30 13:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-23 03:50 - 2015-03-20 11:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-08-23 03:50 - 2015-03-20 11:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-08-23 03:50 - 2015-03-20 10:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-08-23 03:50 - 2015-03-20 10:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-08-23 03:50 - 2015-03-20 09:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-08-23 03:50 - 2015-03-14 16:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-08-23 03:50 - 2015-03-14 16:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-08-23 03:50 - 2015-03-14 09:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-08-23 03:50 - 2015-03-09 10:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-23 03:50 - 2015-03-04 09:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-08-23 03:50 - 2015-03-04 09:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-08-23 03:50 - 2015-03-02 09:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-08-23 03:50 - 2015-03-02 09:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-08-23 03:50 - 2015-01-30 08:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-23 03:50 - 2015-01-29 09:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-08-23 03:50 - 2015-01-29 09:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-08-23 03:50 - 2015-01-29 09:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-08-23 03:50 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-08-23 03:50 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-08-23 03:50 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-08-23 03:50 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-08-23 03:50 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-08-23 03:50 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-08-23 03:50 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-08-23 03:50 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-08-23 03:50 - 2014-11-14 14:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-08-23 03:50 - 2014-10-31 06:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-08-23 03:50 - 2014-10-31 06:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-08-23 03:50 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-08-23 03:49 - 2015-07-29 07:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-23 03:49 - 2015-07-28 22:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-23 03:49 - 2015-07-28 22:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-23 03:49 - 2015-07-28 22:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-23 03:49 - 2015-07-28 22:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-23 03:49 - 2015-07-28 22:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-23 03:49 - 2015-07-28 22:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-23 03:49 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-23 03:49 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-23 03:49 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-23 03:49 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-23 03:49 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-23 03:49 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-23 03:49 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-23 03:49 - 2015-07-02 06:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-23 03:49 - 2015-07-02 06:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-23 03:49 - 2015-07-02 05:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-23 03:49 - 2015-07-02 05:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-23 03:49 - 2015-06-27 07:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-08-23 03:49 - 2015-05-21 21:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-08-23 03:49 - 2015-04-02 06:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-08-23 03:49 - 2015-04-02 06:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-08-23 03:49 - 2015-04-01 11:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-08-23 03:49 - 2015-04-01 10:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-08-23 03:49 - 2015-03-24 05:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-08-23 03:49 - 2015-03-24 05:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-08-23 03:49 - 2015-03-20 12:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-08-23 03:49 - 2015-03-20 12:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-08-23 03:49 - 2015-03-20 12:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-08-23 03:49 - 2015-03-20 11:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-08-23 03:49 - 2015-03-20 10:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-08-23 03:49 - 2015-03-20 10:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-23 03:49 - 2015-03-20 10:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-23 03:49 - 2015-03-13 09:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-08-23 03:49 - 2015-03-13 08:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-08-23 03:49 - 2015-03-06 10:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-08-23 03:49 - 2014-11-05 03:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-08-23 03:49 - 2014-11-05 03:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-08-23 03:49 - 2014-11-04 14:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-08-23 03:49 - 2014-11-04 14:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-08-23 03:49 - 2014-11-04 14:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-08-23 03:49 - 2014-11-04 14:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-08-23 03:49 - 2014-10-29 09:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-08-23 03:49 - 2014-10-29 09:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-08-23 03:49 - 2014-10-29 09:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-08-23 03:49 - 2014-10-29 09:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-08-23 03:49 - 2014-10-29 09:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-08-23 03:49 - 2014-10-29 09:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-08-23 03:49 - 2014-06-10 06:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-23 03:49 - 2014-06-10 06:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-23 03:48 - 2015-07-15 05:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-23 03:48 - 2015-07-15 05:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-23 03:48 - 2015-07-15 05:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-23 03:48 - 2015-07-14 11:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-23 03:48 - 2015-07-14 11:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-23 03:48 - 2015-07-11 01:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-23 03:48 - 2015-07-11 00:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-23 03:48 - 2015-07-07 17:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-23 03:48 - 2015-07-07 17:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-23 03:48 - 2015-07-07 17:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-23 03:48 - 2015-06-13 01:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-23 03:48 - 2015-06-13 00:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-23 03:48 - 2015-05-12 02:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-23 03:48 - 2015-05-03 23:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-23 03:48 - 2015-05-03 22:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-23 03:48 - 2015-05-03 22:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-08-23 03:48 - 2015-05-03 22:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-08-23 03:48 - 2015-04-25 10:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-08-23 03:48 - 2015-04-14 06:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-08-23 03:48 - 2015-04-14 06:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-08-23 03:48 - 2015-04-09 06:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-08-23 03:48 - 2015-04-09 06:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-08-23 03:48 - 2015-04-03 08:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-08-23 03:48 - 2015-04-03 08:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-08-23 03:48 - 2015-03-13 10:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-08-23 03:48 - 2015-03-13 10:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-08-23 03:48 - 2015-03-13 10:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-08-23 03:48 - 2015-02-24 16:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-08-23 03:48 - 2015-02-21 07:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-08-23 03:48 - 2015-02-18 07:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-08-23 03:48 - 2015-02-03 08:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-08-23 03:48 - 2015-02-03 08:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-08-23 03:48 - 2015-02-03 07:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-08-23 03:48 - 2015-02-03 07:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-08-23 03:48 - 2015-01-30 11:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-08-23 03:48 - 2015-01-30 11:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-08-23 03:48 - 2015-01-30 10:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-08-23 03:48 - 2015-01-30 10:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-08-23 03:48 - 2015-01-30 09:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-08-23 03:48 - 2015-01-30 09:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-08-23 03:48 - 2015-01-30 09:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-08-23 03:48 - 2015-01-28 10:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-08-23 03:48 - 2015-01-28 09:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-08-23 03:48 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-08-23 03:48 - 2014-12-19 14:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-08-23 03:48 - 2014-12-12 10:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-08-23 03:47 - 2015-07-11 02:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-23 03:47 - 2015-07-11 01:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-23 03:47 - 2015-07-11 01:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-23 03:47 - 2015-07-11 00:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-23 03:47 - 2015-06-11 11:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-23 03:47 - 2015-06-11 00:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-23 03:46 - 2015-07-29 22:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-23 03:46 - 2015-07-29 22:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-23 03:46 - 2015-07-29 22:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-23 03:46 - 2015-07-25 02:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-23 03:46 - 2015-07-25 02:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-23 03:46 - 2015-07-25 02:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-23 03:46 - 2015-07-25 01:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-23 03:46 - 2015-07-25 01:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-23 03:46 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-23 03:46 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-23 03:46 - 2015-07-10 00:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-23 03:46 - 2015-06-16 13:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-08-23 03:46 - 2015-06-16 13:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-08-23 03:46 - 2015-06-12 04:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-23 03:46 - 2015-06-12 04:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-23 03:46 - 2015-05-12 00:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-08-23 03:46 - 2015-04-28 21:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-08-23 03:46 - 2015-04-28 21:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-08-23 03:46 - 2015-04-16 14:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-23 03:46 - 2015-04-10 08:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-23 03:46 - 2015-04-10 08:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-23 03:46 - 2015-04-01 12:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-23 03:46 - 2015-04-01 12:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-08-23 03:46 - 2015-04-01 12:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-08-23 03:46 - 2015-04-01 12:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-08-23 03:46 - 2015-04-01 11:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-23 03:46 - 2015-04-01 11:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-23 03:46 - 2015-04-01 11:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-23 03:46 - 2015-04-01 10:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-08-23 03:46 - 2015-04-01 10:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-23 03:46 - 2015-04-01 10:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-23 03:46 - 2015-04-01 10:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-08-23 03:46 - 2015-04-01 10:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-23 03:46 - 2015-04-01 10:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-23 03:46 - 2015-03-13 12:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-08-23 03:46 - 2015-03-13 12:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-08-23 03:46 - 2015-03-04 18:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-08-23 03:46 - 2015-03-04 11:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-08-23 03:46 - 2015-03-04 10:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-08-23 03:46 - 2015-01-31 07:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-08-23 03:46 - 2015-01-28 09:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-08-23 03:46 - 2015-01-28 09:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-08-23 03:46 - 2015-01-27 12:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-08-23 03:46 - 2015-01-27 10:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-08-23 03:45 - 2015-04-25 10:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-08-23 03:45 - 2015-04-25 10:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-08-23 03:45 - 2015-04-23 23:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-23 03:45 - 2015-04-23 23:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-23 03:45 - 2015-03-06 11:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-08-23 03:45 - 2015-03-06 10:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-08-23 03:45 - 2015-01-30 02:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-08-23 03:45 - 2015-01-30 02:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-08-23 03:45 - 2014-12-06 11:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-23 03:45 - 2014-12-06 09:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-08-23 03:44 - 2015-05-12 21:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-08-23 03:44 - 2015-05-03 23:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-08-23 03:44 - 2015-05-03 22:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-08-23 03:44 - 2015-03-14 08:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-23 03:44 - 2015-02-08 07:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-23 03:44 - 2015-02-08 07:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-23 03:44 - 2015-01-30 10:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-08-23 03:44 - 2015-01-30 09:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-08-23 03:44 - 2015-01-30 09:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-08-23 03:44 - 2015-01-30 09:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-08-23 03:44 - 2015-01-30 09:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-08-23 03:44 - 2015-01-30 09:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-08-23 03:44 - 2015-01-30 09:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-08-23 03:44 - 2015-01-30 09:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-08-23 03:44 - 2015-01-28 07:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-23 03:44 - 2015-01-28 07:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-23 03:44 - 2014-12-11 13:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-08-23 03:44 - 2014-07-24 11:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-08-23 03:44 - 2014-07-24 11:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-08-23 03:43 - 2015-05-08 00:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-08-23 02:38 - 2015-09-02 00:21 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3DAF5571-29A1-4A4F-BEAF-7B840134C7E9}
2015-08-23 02:38 - 2015-08-24 08:13 - 00000000 __SHD C:\Users\LENOVO\AppData\Local\EmieUserList
2015-08-23 02:38 - 2015-08-24 08:13 - 00000000 __SHD C:\Users\LENOVO\AppData\Local\EmieSiteList
2015-08-23 02:38 - 2015-08-24 08:13 - 00000000 __SHD C:\Users\LENOVO\AppData\Local\EmieBrowserModeList
2015-08-23 02:36 - 2015-08-23 02:36 - 00001453 _____ C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-23 02:36 - 2015-08-23 02:36 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-23 02:36 - 2015-08-23 02:36 - 00000020 ___SH C:\Users\LENOVO\ntuser.ini
2015-08-23 02:34 - 2015-08-23 02:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-23 02:34 - 2015-08-23 02:34 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-08-23 02:31 - 2015-08-23 02:31 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-23 02:31 - 2015-08-23 02:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-23 02:31 - 2015-08-23 02:31 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-23 02:31 - 2015-08-23 02:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-23 02:31 - 2015-08-23 02:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-23 02:29 - 2015-08-23 02:36 - 00000000 ____D C:\Users\LENOVO
2015-08-23 02:29 - 2015-08-23 02:34 - 00032388 _____ C:\WINDOWS\diagwrn.xml
2015-08-23 02:29 - 2015-08-23 02:34 - 00032388 _____ C:\WINDOWS\diagerr.xml
2015-08-23 02:29 - 2015-08-23 02:29 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 02:29 - 2015-08-23 02:29 - 00000000 ___RD C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-23 02:29 - 2015-08-23 02:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-23 02:29 - 2014-11-21 23:57 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 02:29 - 2014-11-21 23:57 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-23 02:29 - 2014-11-21 23:57 - 00000000 ___RD C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 02:29 - 2014-11-21 23:57 - 00000000 ___RD C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-23 02:29 - 2014-11-21 16:52 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-23 02:29 - 2014-11-21 16:52 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-23 02:29 - 2014-11-21 16:52 - 00000369 _____ C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-23 02:29 - 2014-11-21 16:52 - 00000369 _____ C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-23 02:29 - 2013-08-22 23:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-23 02:29 - 2013-08-22 23:36 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-23 02:27 - 2015-08-23 02:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-08-23 02:27 - 2015-08-23 02:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-23 02:27 - 2015-08-23 02:27 - 00000000 ____D C:\Program Files\Realtek
2015-08-23 02:27 - 2015-08-23 02:27 - 00000000 ____D C:\Program Files (x86)\USB Camera
2015-08-23 02:26 - 2015-08-28 15:25 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-08-23 02:26 - 2015-08-28 15:25 - 00000000 ____D C:\WINDOWS\system32\NV
2015-08-23 02:26 - 2015-08-23 02:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-23 02:26 - 2015-08-23 02:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-23 02:26 - 2015-08-23 02:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-23 02:26 - 2015-08-23 02:26 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-08-23 02:26 - 2015-08-23 02:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-08-23 02:26 - 2015-08-23 02:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-23 02:26 - 2015-08-23 02:26 - 00000000 ____D C:\Program Files\Synaptics
2015-08-23 02:26 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-23 02:26 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-23 02:26 - 2013-10-29 07:39 - 06610720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-23 02:26 - 2013-10-29 07:39 - 03477280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 01042720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 00920864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-23 02:26 - 2013-10-29 07:38 - 00580384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-08-23 02:26 - 2013-10-29 07:38 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-23 02:26 - 2013-10-25 19:44 - 03435888 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-21 09:38 - 2015-08-24 06:43 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-08-20 17:51 - 2015-03-04 15:26 - 00011105 ____N C:\WINDOWS\system32\AutoconfigV2.cab
2015-08-14 01:04 - 2015-08-14 01:06 - 00000000 _____ C:\WINDOWS\SysWOW64\mp4norm.dll
2015-08-14 01:00 - 2015-09-01 06:26 - 00000000 ____D C:\Program Files (x86)\Mp4Gain
2015-08-13 08:44 - 2015-08-13 08:44 - 00000000 ____D C:\ProgramData\iSkysoft
2015-08-13 06:43 - 2015-08-13 08:55 - 00000000 ____D C:\Users\LENOVO\Documents\iSkysoft Video Editor
2015-08-13 06:43 - 2015-08-13 06:43 - 00000000 ____D C:\Users\LENOVO\AppData\Local\iSkysoft
2015-08-13 06:36 - 2015-08-13 06:43 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2015-08-13 05:54 - 2004-03-09 01:00 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2015-08-13 05:54 - 2004-03-09 00:00 - 01081616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2015-08-13 05:54 - 2004-03-09 00:00 - 00132880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.OCX
2015-08-09 18:15 - 2015-08-09 18:15 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-08-09 17:35 - 2015-08-09 17:36 - 00000000 ____D C:\Users\LENOVO\Desktop\Firefox bookmarks backup 9 aug 2015
2015-08-09 16:59 - 2015-08-23 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-09 16:59 - 2015-08-09 16:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-08-09 16:55 - 2015-08-09 16:55 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-08-09 16:55 - 2015-08-09 16:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-08-09 16:54 - 2015-08-13 04:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-09 16:54 - 2015-08-09 16:59 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-09 16:54 - 2015-08-09 16:54 - 00000000 __RHD C:\MSOCache
2015-08-09 16:54 - 2015-08-09 16:54 - 00000000 ____D C:\Users\LENOVO\AppData\Local\Microsoft Help
2015-08-07 16:50 - 2015-08-07 16:50 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-07 16:50 - 2015-08-07 16:50 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-04 11:03 - 2015-08-23 03:32 - 00000000 ____D C:\Users\LENOVO\Desktop\MAJU_ RECEIPTS#

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 06:23 - 2013-09-13 17:42 - 00000000 ____D C:\Users\LENOVO\AppData\Local\CrashDumps
2015-09-02 06:23 - 2013-09-10 23:19 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Media Player Classic
2015-09-02 06:18 - 2014-11-21 16:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-02 06:02 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-01 21:34 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-01 17:09 - 2013-09-12 17:50 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-122341192-2292051211-3585160535-1002
2015-09-01 06:39 - 2015-01-23 23:16 - 00000000 ____D C:\AdwCleaner
2015-09-01 06:37 - 2014-10-03 21:53 - 00000000 ____D C:\Users\LENOVO\Desktop\zujin
2015-09-01 04:26 - 2013-09-12 06:57 - 00000000 ____D C:\Users\LENOVO\AppData\Local\CutePDF Writer
2015-09-01 02:44 - 2015-02-20 19:02 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-01 00:13 - 2013-09-13 00:00 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-31 23:47 - 2014-06-30 09:13 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 07:30 - 2013-11-29 05:32 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\FileZilla
2015-08-30 22:12 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-27 05:26 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-26 23:59 - 2014-02-02 21:07 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\SlimBrowser
2015-08-26 03:24 - 2015-07-28 18:19 - 00000000 ____D C:\Users\LENOVO\Desktop\Majuprimus Filing
2015-08-25 16:06 - 2015-07-10 21:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-25 13:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-25 12:19 - 2013-09-12 07:04 - 00233495 _____ C:\WINDOWS\hpoins21.dat
2015-08-25 12:19 - 2013-09-12 07:04 - 00001360 _____ C:\ProgramData\hpzinstall.log
2015-08-25 09:38 - 2012-07-26 13:26 - 00000229 _____ C:\WINDOWS\win.ini
2015-08-25 07:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-25 06:00 - 2012-07-26 15:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-25 00:22 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-24 06:44 - 2013-08-22 22:44 - 00429664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-24 06:43 - 2014-11-21 23:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-24 06:43 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-24 06:43 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-08-23 18:24 - 2013-08-22 23:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-23 04:02 - 2014-11-21 16:25 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-23 03:39 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-23 03:32 - 2015-07-31 20:04 - 00002035 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-08-23 02:37 - 2013-09-10 10:14 - 00000000 ____D C:\Users\LENOVO\AppData\Local\Packages
2015-08-23 02:34 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Registration
2015-08-23 02:33 - 2013-08-22 23:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-23 02:33 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-23 02:31 - 2015-04-22 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-23 02:31 - 2014-11-23 05:17 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-08-23 02:31 - 2014-11-23 05:17 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-08-23 02:31 - 2014-11-21 16:25 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-08-23 02:31 - 2014-11-21 16:00 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-08-23 02:31 - 2014-10-08 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Downloader(xmlbar)
2015-08-23 02:31 - 2014-06-30 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 02:31 - 2014-02-21 08:55 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-23 02:31 - 2014-02-21 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-23 02:31 - 2014-02-08 03:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NameWiz
2015-08-23 02:31 - 2014-02-02 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser
2015-08-23 02:31 - 2014-01-20 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Cope
2015-08-23 02:31 - 2013-12-11 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swivel
2015-08-23 02:31 - 2013-11-29 05:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-08-23 02:31 - 2013-10-09 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2015-08-23 02:31 - 2013-10-09 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-23 02:31 - 2013-09-16 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-08-23 02:31 - 2013-09-15 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-08-23 02:31 - 2013-09-12 07:30 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-08-23 02:31 - 2013-09-12 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-23 02:31 - 2013-09-12 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-08-23 02:31 - 2013-09-11 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\风行
2015-08-23 02:31 - 2013-09-10 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-23 02:31 - 2013-09-10 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 5.8
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-08-23 02:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-23 02:31 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-23 02:31 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-23 02:31 - 2013-04-13 05:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-08-23 02:31 - 2013-04-13 05:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2015-08-23 02:31 - 2013-04-13 05:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-23 02:31 - 2013-04-13 05:17 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-08-23 02:31 - 2013-04-13 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2015-08-23 02:31 - 2013-04-13 05:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-23 02:31 - 2013-04-13 04:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-23 02:31 - 2012-07-26 13:37 - 00000000 ____D C:\Users\Default.migrated
2015-08-23 02:30 - 2015-07-25 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\硕鼠软件
2015-08-23 02:30 - 2015-05-06 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-23 02:30 - 2014-10-07 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-08-23 02:30 - 2013-09-28 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-08-23 02:30 - 2013-08-22 23:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\IME
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Help
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-23 02:30 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-23 02:30 - 2012-10-10 07:10 - 00000000 ____D C:\ProgramData\PRICache
2015-08-23 02:29 - 2013-10-09 01:06 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-23 02:29 - 2013-09-10 10:14 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-23 02:29 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-23 02:29 - 2013-04-13 05:30 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-23 02:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\System
2015-08-23 02:25 - 2013-08-22 21:36 - 00000000 __RHD C:\Users\Default
2015-08-23 00:33 - 2013-04-13 05:17 - 00432016 _____ C:\WINDOWS\system32\prfh0804.dat
2015-08-23 00:33 - 2013-04-13 05:17 - 00132686 _____ C:\WINDOWS\system32\prfc0804.dat
2015-08-22 13:14 - 2013-09-16 02:10 - 05476352 ___SH C:\Users\LENOVO\Desktop\Thumbs.db
2015-08-22 03:14 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-19 23:58 - 2014-02-17 23:45 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\Audacity
2015-08-14 09:50 - 2014-11-22 00:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-14 09:50 - 2014-11-22 00:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 04:50 - 2013-09-13 00:00 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-08-13 06:37 - 2013-09-10 23:45 - 00000000 ____D C:\FDownload
2015-08-13 03:48 - 2013-09-10 17:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 03:46 - 2013-09-10 17:57 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 08:03 - 2015-08-01 07:21 - 00000000 ____D C:\Users\LENOVO\Desktop\Motivational Pics
2015-08-10 19:05 - 2013-09-15 19:31 - 00562176 ___SH C:\Users\LENOVO\Downloads\Thumbs.db
2015-08-09 18:49 - 2015-07-25 01:00 - 00000000 ____D C:\Users\LENOVO\AppData\Roaming\flvcd
2015-08-09 16:54 - 2013-04-13 05:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-07 16:50 - 2014-05-02 10:42 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-07 16:50 - 2014-01-03 09:29 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-07 16:50 - 2013-09-13 00:00 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-07 16:50 - 2013-09-13 00:00 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-07 16:50 - 2013-09-13 00:00 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-07 16:50 - 2013-09-13 00:00 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-07 16:50 - 2013-09-13 00:00 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

==================== Files in the root of some directories =======

2013-09-13 19:04 - 2013-11-04 04:35 - 0000911 _____ () C:\Users\LENOVO\AppData\Roaming\coreavc.ini
2015-09-01 01:29 - 2015-09-01 01:29 - 0095659 _____ () C:\Users\LENOVO\AppData\Local\ars.cache
2015-09-01 01:29 - 2015-09-01 01:29 - 0246745 _____ () C:\Users\LENOVO\AppData\Local\census.cache
2015-09-01 01:21 - 2015-09-01 01:21 - 0000036 _____ () C:\Users\LENOVO\AppData\Local\housecall.guid.cache
2013-04-13 05:09 - 2013-04-13 05:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-12 07:04 - 2015-08-25 12:19 - 0001360 _____ () C:\ProgramData\hpzinstall.log
2013-04-13 05:35 - 2013-04-13 05:35 - 0000198 ____H () C:\ProgramData\Lenovo-18378.vbs
2014-03-15 01:16 - 2015-03-29 04:34 - 0030600 _____ () C:\ProgramData\wifv

Files to move or delete:
====================
C:\ProgramData\Lenovo-18378.vbs


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\mp4norm.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 03:29

==================== End of FRST.txt ============================

Here's the Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by LENOVO (2015-09-02 06:26:56)
Running from C:\Users\LENOVO\Desktop\Removal Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-122341192-2292051211-3585160535-500 - Administrator - Disabled)
Guest (S-1-5-21-122341192-2292051211-3585160535-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-122341192-2292051211-3585160535-1008 - Limited - Enabled)
LENOVO (S-1-5-21-122341192-2292051211-3585160535-1002 - Administrator - Enabled) => C:\Users\LENOVO
UpdatusUser (S-1-5-21-122341192-2292051211-3585160535-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C6200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EaseUS Todo Backup Free 5.8 (HKLM-x32\...\EaseUS Todo Backup Free 5.8_is1) (Version: 5.8 - CHENGDU YIWO Tech Development Co., Ltd)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.119 - FlashPeak Inc.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.12.1023.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Cope 4.0 (HKLM-x32\...\Media Cope_is1) (Version:  - Media Cope)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
NameWiz (HKLM-x32\...\NameWiz) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Swivel (HKLM-x32\...\Swivel) (Version: 1.11 - Newgrounds.com, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UltraGet Video Downloader version 3.0.7 (HKLM-x32\...\{D6DAC6E1-400B-4819-89A9-6B8BBEB3A516}_is1) (Version: 3.0.7 - Anvsoft, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare MobileGo for Android ( Version 4.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 4.0.0 - Wondershare)
硕鼠 0.4.7.9 测试版-3 (HKLM-x32\...\硕鼠) (Version: 0.4.7.9 测试版-3 - flvcd.com)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-122341192-2292051211-3585160535-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

23-08-2015 03:39:59 Windows Update
26-08-2015 08:47:58 JRT Pre-Junkware Removal
27-08-2015 04:55:23 restore01_after windows 8.1 upgrade
30-08-2015 21:11:12 Installed SDFormatter.
01-09-2015 06:28:42 Removed SDFormatter.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2015-09-01 02:46 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {353788B4-807D-4C66-B67D-E1BDF8862A8C} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {3E9208EB-35A9-4FB4-B41B-1CC60DFBF559} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2015-07-13] (Google Inc.)
Task: {625AE1D3-A80F-413C-84C7-A776EE930D40} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {8C7910E1-495F-493B-A78A-996ACE880767} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A0A2EFF0-71F3-46BD-B67B-87EB53ED92DA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-27] (Synaptics Incorporated)
Task: {B5002739-EFA7-4309-B530-9FDBE342EB05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-07] (AVAST Software)
Task: {B84C2CF6-6D69-453B-BE5C-4D580823354E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-02] (Piriform Ltd)
Task: {C54FC35C-FE0E-460C-97E6-4BA353ADF890} - System32\Tasks\{885FAABB-6C84-4CA1-BFAE-1C523497BFD4} => pcalua.exe -a "C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinUninstaller.exe"
Task: {C5E20D5A-D511-42C4-A290-0C672DDCA247} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-12 06:39 - 2012-10-05 10:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-07-10 01:32 - 2015-07-10 01:32 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-09-30 10:02 - 2012-09-30 10:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-30 09:59 - 2012-09-30 09:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-30 10:01 - 2012-09-30 10:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-08-07 16:50 - 2015-08-07 16:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-07 16:50 - 2015-08-07 16:50 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-01 02:24 - 2015-09-01 02:24 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15083101\algo.dll
2015-09-02 01:36 - 2015-09-02 01:36 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15090100\algo.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2013-09-10 10:19 - 2008-11-26 08:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2013-09-10 10:19 - 2004-10-05 18:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00090696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00022088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2013-09-10 10:18 - 2013-03-17 03:36 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2013-09-10 10:19 - 2013-03-17 03:36 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-03-25 02:10 - 2015-03-25 02:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-13 05:04 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\mp4norm.dll:ExtraData

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-122341192-2292051211-3585160535-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{248ABFBD-820C-45CF-9E57-94DAF39CBB36}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS268C\HPDiagnosticCoreUI.exe
FirewallRules: [{5329B19B-2D5C-4858-816E-AE6761C6F885}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS268C\HPDiagnosticCoreUI.exe
FirewallRules: [{5A2113CD-28FA-432A-8F30-5040FC60A1FE}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS6FC5\HPDiagnosticCoreUI.exe
FirewallRules: [{E359C83E-ADC5-4C96-B328-D5AC5F4E385D}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS6FC5\HPDiagnosticCoreUI.exe
FirewallRules: [{B42C1611-D747-486B-B750-66505A7FD1C3}] => (Allow) LPort=53
FirewallRules: [{35D48A9C-9F8E-4D1C-B8F5-CD325EC18D58}] => (Allow) LPort=67
FirewallRules: [{F5087105-7C0D-44B3-A335-89D71B542F1A}] => (Allow) LPort=65435
FirewallRules: [{2916DA58-A628-40F2-AEEE-59CE95498DBA}] => (Allow) LPort=53
FirewallRules: [{D3AC1093-90E4-4C6E-A18C-5C45B4D498CA}] => (Allow) LPort=67
FirewallRules: [{05E88933-D514-4432-A00C-98559E393863}] => (Allow) LPort=65435
FirewallRules: [{7D23E485-B31C-46B1-A9A7-E86FDC2A88F5}] => (Allow) C:\Program Files (x86)\360AP\360AP.exe
FirewallRules: [{E8FC0C39-E006-49A3-A1B9-BA7A5DA26F62}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{370C6BED-F7D1-4F5E-ACF2-C9245D4F0D93}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{515F4B1F-2648-49DA-A640-B70BBD894198}] => (Block) C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [{88D8019D-0EE1-483C-8906-3BC9CA0394BF}] => (Block) C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [UDP Query User{835AD836-BB3C-4554-9E33-A112BA65BC83}C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [TCP Query User{4932B9C2-C8BA-4B1B-B3C9-356B9AF9EF2E}C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe] => (Allow) C:\users\lenovo\appdata\local\tudou\feisutudou\tudouva.exe
FirewallRules: [{97E11ED5-A365-448A-8904-88370E6C2329}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Torrent\aria2c.exe
FirewallRules: [{AD315FA6-16BD-407B-AD1F-A5DD204D29C7}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Torrent\aria2c.exe
FirewallRules: [{A5DD1EFF-2F4E-4DF8-B75D-F2202D629227}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Torrent\fctorrentp.exe
FirewallRules: [{E646A857-40BF-4B9C-AA33-DEFAE6492D39}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Torrent\fctorrentp.exe
FirewallRules: [{0DA075BC-7777-44D7-8DF9-F127D5E74E09}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Video\fctubep.exe
FirewallRules: [{5C5ABEB7-A4BC-48DD-B056-66F034915022}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Video\fctubep.exe
FirewallRules: [{F4DF7E1B-286D-479D-8F25-58BBA4271DD7}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Video\fcvideop.exe
FirewallRules: [{9D279403-10AB-47B8-B84A-B149898D6FA7}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Video\fcvideop.exe
FirewallRules: [{1887663C-B062-4D12-ACFA-D5AF807939DB}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Screen\fcscreenp.exe
FirewallRules: [{DDCC939B-EDD3-4CF7-B0E6-947A973B3B70}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Screen\fcscreenp.exe
FirewallRules: [{38338769-2607-484A-BD1E-3CF7D315E8B7}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Audio\fcaudiop.exe
FirewallRules: [{930A35DD-013A-475E-B696-0BB0BE941E67}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Audio\fcaudiop.exe
FirewallRules: [{D84A35DD-2136-4759-ABB2-010A0FC5332B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Converter\fcmediap.exe
FirewallRules: [{9D2D4F45-2C32-4FD7-BB35-3103AB8A1017}] => (Allow) C:\Program Files (x86)\Applian Technologies\Freecorder 8 Applications\Converter\fcmediap.exe
FirewallRules: [{C06B5D9A-F2BD-41DE-9F5F-8DD882A6CC18}] => (Block) C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe
FirewallRules: [{4FE09DB1-A7F7-437F-9946-F38E0FAA69F0}] => (Block) C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe
FirewallRules: [UDP Query User{B105F911-8BCF-4FF8-9486-E3CBBFF728F5}C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe] => (Allow) C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe
FirewallRules: [TCP Query User{E7D493B5-34BF-4B2B-AB6D-E9DA5EDD1AEB}C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe] => (Allow) C:\program files (x86)\anvsoft\ultraget video downloader\ultraget.exe
FirewallRules: [{BF88E075-5E1C-4847-AED1-72C659A9C33D}] => (Block) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
FirewallRules: [{D42D512E-894E-47EF-91C2-50B39AFB07D9}] => (Block) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
FirewallRules: [{F6832834-78A2-421A-87B4-2D40D1D1BA93}] => (Block) C:\program files (x86)\youku\youkuclient\ikuacc.exe
FirewallRules: [{CE508046-EC20-4493-91A6-8A1F7F256782}] => (Block) C:\program files (x86)\youku\youkuclient\ikuacc.exe
FirewallRules: [UDP Query User{A36C2A36-7C34-49A9-883C-153FBE7F5AE9}C:\program files (x86)\youku\youkuclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\youkuclient\ikuacc.exe
FirewallRules: [TCP Query User{800B989C-F985-4405-8424-59335B6F7F9C}C:\program files (x86)\youku\youkuclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\youkuclient\ikuacc.exe
FirewallRules: [UDP Query User{79CF50CB-CEFB-4DC6-9822-5D51611F754C}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe] => (Allow) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
FirewallRules: [TCP Query User{746876A9-B184-484E-B2AF-B69D430DC6E6}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe] => (Allow) C:\program files (x86)\youku\youkuclient\youkumediacenter.exe
FirewallRules: [{892BB729-72D6-493D-8617-6309258EB03C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A5CD45B-B9B1-47C1-A695-E0E61BF662EE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{17198599-4C80-4F9A-A1D1-5E097FFEAFB2}C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe] => (Block) C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe
FirewallRules: [TCP Query User{272E003C-2CE5-4E92-BEDA-8B418D6F7B27}C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe] => (Block) C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe
FirewallRules: [UDP Query User{6D398E87-BEED-4BE8-B62F-409700CBBAD1}C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe] => (Block) C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe
FirewallRules: [TCP Query User{4ADEF5FC-60FC-486C-B78C-9AE645EF1B27}C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe] => (Block) C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe
FirewallRules: [{0FE61271-AE31-4DE9-BF30-D41121D90DAA}] => (Allow) C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwService.exe
FirewallRules: [{F02E5FB4-42DE-404D-998C-641A7F617018}] => (Allow) C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwService.exe
FirewallRules: [{93B29238-17B9-4786-B7C9-53DD9B195502}] => (Allow) C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwMusic.exe
FirewallRules: [{32BC68CB-9215-47DD-A5D3-455394EFC00A}] => (Allow) C:\Program Files (x86)\kuwo\KWMUSIC2013\bin\KwMusic.exe
FirewallRules: [{2D11C764-3579-48B6-AABA-B4C18EBB917F}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe
FirewallRules: [{49D6692E-27D4-4C8A-9B72-961B85DDEE1B}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionUpgrade.exe
FirewallRules: [{02B81C99-9160-41DF-959E-39D60FC0B13E}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe
FirewallRules: [{2F3AB967-47B8-414B-B33C-B63C7AD8E845}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.56\FunshionService.exe
FirewallRules: [{2458E676-9860-4F8C-AF0C-E3BDB0D120D0}] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{DDA6D617-683D-449A-8590-DFC5962CCAB8}] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{0A798BA1-99DF-4945-ABDD-8647D40A4478}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{0ED3802E-D730-42C7-BA3E-E31608BBCB33}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{AC06807B-57C3-4D48-96BA-BC26CBD29907}] => (Allow) LPort=1900
FirewallRules: [{CBE642AB-61EE-4ACE-87C2-6750FBC324CE}] => (Allow) LPort=2869
FirewallRules: [{7D0E9AAE-57F4-472A-8645-F3CB2D83E598}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{75AF056B-D1D4-4890-BF83-523D19292566}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{98A76229-0243-445C-BD9D-A671313C7D06}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{A94695CA-2D67-4520-A80B-2F9CB57C291D}C:\program files (x86)\funshion online\2.8.6.51\funshionservice.exe] => (Allow) C:\program files (x86)\funshion online\2.8.6.51\funshionservice.exe
FirewallRules: [TCP Query User{C56B9175-16F7-48C4-95A9-697E2094EA61}C:\program files (x86)\funshion online\2.8.6.51\funshionservice.exe] => (Allow) C:\program files (x86)\funshion online\2.8.6.51\funshionservice.exe
FirewallRules: [UDP Query User{A26A3C2E-EDEE-4537-A207-F48CFC4F4F33}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{B0F348B4-D05B-4A27-8D19-FC5407653D86}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{D72D1CC0-4ADA-4A71-8ED3-8C55B665DB4C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E4E3D1C6-C7DD-4A44-BB96-2F496C8E1BE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{69E11E9E-E84B-4AD0-9FE9-A86073B811D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{97ECC33D-4BE9-4866-B014-681760D19940}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{BEF038B2-E40B-44F9-B3BA-9634E9A4B881}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C80EF908-964A-4461-ACB9-8922ABE66120}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C7C90EE1-FCA4-45E4-93F8-E2A466253698}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E03A7DD6-3D28-4D58-B49C-3171DA4158A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EC405BF6-6CD9-460E-B378-DBF9EF2CC1CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D457F572-FB95-433E-B519-2D9F02812443}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FDC112CC-D1A1-45E2-AAFB-616A90BD6C8F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{E9886575-EE36-46E1-A31B-CEA8075AC179}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{44C7B4E6-BA70-49AB-A7EF-D7F093A0DAC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{49768813-FE8C-4FFA-BA44-75BAA0892E93}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{21C84AC6-9A55-44D0-BA9B-2C8733BAB1D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{870B3D22-0C61-4687-8A25-72DC8D876307}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BBAB0CA1-8434-4A7A-9B2F-C76814C9C083}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3FA4B7AE-DD10-482A-B661-F7D788B9D4B2}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionUpgrade.exe
FirewallRules: [{2513184C-04AB-470D-BF82-2FC2A7EAFE1E}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionUpgrade.exe
FirewallRules: [{C914789A-5508-4307-999F-FADD53657BEA}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionService.exe
FirewallRules: [{0A2C0D02-D97F-4433-AB14-B647C5CD0ED1}] => (Allow) C:\Program Files (x86)\Funshion Online\2.8.6.51\FunshionService.exe
FirewallRules: [{8B83DDC8-0760-41E3-90B6-A26AD50816A8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{334704B9-F750-4D3E-B9A5-30B35ACC804C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{756B9E93-3263-495C-8D91-A8E038D0124C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{CE0F8708-C64D-4D50-8884-037AB6171A73}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS7F54\HPDiagnosticCoreUI.exe
FirewallRules: [{26576AC9-B960-47E9-A1D7-C87B6229081D}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS7F54\HPDiagnosticCoreUI.exe
FirewallRules: [{2EDE93ED-3D92-41B3-A36A-C6A6F887A27C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9A9CA-EE14-49CD-A850-745D4BF6155B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 06:26:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:26:55Z. Error Code: 0x80070005.

Error: (09/02/2015 06:26:25 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:26:25Z. Error Code: 0x80070005.

Error: (09/02/2015 06:25:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:25:55Z. Error Code: 0x80070005.

Error: (09/02/2015 06:25:25 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:25:25Z. Error Code: 0x80070005.

Error: (09/02/2015 06:24:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:24:54Z. Error Code: 0x80070005.

Error: (09/02/2015 06:24:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:24:24Z. Error Code: 0x80070005.

Error: (09/02/2015 06:23:54 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:23:54Z. Error Code: 0x80070005.

Error: (09/02/2015 06:23:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:23:24Z. Error Code: 0x80070005.

Error: (09/02/2015 06:22:54 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:22:54Z. Error Code: 0x80070005.

Error: (09/02/2015 06:22:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-08-08T22:22:24Z. Error Code: 0x80070005.


System errors:
=============
Error: (09/02/2015 03:08:44 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (09/01/2015 06:29:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (09/01/2015 04:01:05 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/01/2015 04:00:35 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/01/2015 03:36:45 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/01/2015 03:36:15 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/01/2015 03:30:58 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/01/2015 03:30:28 AM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/01/2015 02:44:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (09/01/2015 02:24:12 AM) (Source: DCOM) (EventID: 10005) (User: idea-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}


Microsoft Office:
=========================
Error: (09/02/2015 06:26:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:26:55Z

Error: (09/02/2015 06:26:25 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:26:25Z

Error: (09/02/2015 06:25:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:25:55Z

Error: (09/02/2015 06:25:25 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:25:25Z

Error: (09/02/2015 06:24:55 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:24:54Z

Error: (09/02/2015 06:24:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:24:24Z

Error: (09/02/2015 06:23:54 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:23:54Z

Error: (09/02/2015 06:23:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:23:24Z

Error: (09/02/2015 06:22:54 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:22:54Z

Error: (09/02/2015 06:22:24 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052115-08-08T22:22:24Z


CodeIntegrity:
===================================
  Date: 2015-08-19 17:11:24.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-19 17:11:23.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 14:03:19.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 14:03:18.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:46:06.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:46:05.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:41:28.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:41:27.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:29:05.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-14 01:29:04.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 12%
Total physical RAM: 16239.52 MB
Available physical RAM: 14177.68 MB
Total Virtual: 17263.52 MB
Available Virtual: 15088.24 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:123.45 GB) (Free:51.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:92.69 GB) (Free:89.57 GB) NTFS
Drive f: (LRS_ESP) (Fixed) (Total:0.97 GB) (Free:0.49 GB) FAT32 ==>[system with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1601.31 GB) NTFS
Drive l: (HD-PZU3) (Fixed) (Total:931.48 GB) (Free:616.81 GB) NTFS
Drive o: (HD-GDU3) (Fixed) (Total:2794.52 GB) (Free:232.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 522E827C)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 8001FF91)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

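The FirewallRules lines in the Addition.txt log above come in pairs per program and mix Allow and Block rules for binaries under Program Files, AppData\Roaming, AppData\Local\Temp and similar locations. When reviewing such a log, a defender's first question is which rules grant network access to executables outside the normal installation directories, since that is where user-level malware and bundled software tend to live; the fixlist later in this thread resets the Windows Firewall rule set outright. The following Python script is an added example (not FRST's code and not part of the original thread): it parses lines in FRST's FirewallRules format and flags rules whose target binary sits under a user-writable directory. The sample lines are constructed in that format with placeholder GUIDs, and the directory list and severity labels are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the format FRST writes to Addition.txt. The GUIDs are
# placeholders; the paths mirror the kinds of locations seen in the log above.
SAMPLE_ADDITION = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Users\LENOVO\AppData\Local\Temp\7zS7F54\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{00000000-0000-0000-0000-000000000003}C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe] => (Block) C:\users\lenovo\appdata\roaming\funshion\funshionservice.exe
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) LPort=1900
FirewallRules: [{00000000-0000-0000-0000-000000000005}] => (Allow) C:\ProgramData\ExampleVendor\updater.exe
"""

# One FRST rule line: "FirewallRules: [<name>] => (<Allow|Block>) <exe path or LPort=N>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>\S.*?)\s*$"
)

# Assumed list of directory fragments (lower-cased) that a standard user can write
# to without admin rights. Installers normally place executables under Program
# Files, so a rule pointing here deserves a second look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class FirewallRule:
    name: str
    action: str   # "Allow" or "Block"
    target: str   # executable path, or a port spec such as "LPort=1900"

    @property
    def is_program(self) -> bool:
        return not self.target.startswith("LPort=")

    @property
    def user_writable(self) -> bool:
        path = self.target.lower()
        return self.is_program and any(m in path for m in USER_WRITABLE_MARKERS)

    @property
    def severity(self) -> str:
        # Assumed scale: an Allow rule for a user-writable binary is the strongest
        # signal; a Block rule there still shows something tried to go online.
        if self.user_writable:
            return "high" if self.action == "Allow" else "medium"
        return "low"


def parse_firewall_rules(text: str) -> List[FirewallRule]:
    """Return every line that matches FRST's FirewallRules format, in log order."""
    rules: List[FirewallRule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(m["name"], m["action"], m["target"]))
    return rules


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: how many rules, which ones are worth a closer look."""
    rules = parse_firewall_rules(text)
    return {
        "total": len(rules),
        "flagged": [r for r in rules if r.severity != "low"],
        "allow_user_writable": [r.target for r in rules if r.severity == "high"],
        "port_rules": [r.target for r in rules if not r.is_program],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_ADDITION)
    print(f"{report['total']} rules parsed, {len(report['flagged'])} flagged")
    for rule in report["flagged"]:
        print(f"  [{rule.severity:<6}] ({rule.action}) {rule.target}")
```

To use it on a real log, read Addition.txt into a string and pass it to `triage()`; the paired TCP/UDP entries will each be reported, which is intended, because a fix that removes only one of the pair leaves the other in place.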
#4
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Legna

Let's see what we can do for you. :)

Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:

FlashPeak SlimBrowser

To do this:
Please go to Start Menu -> Control Panel -> Programs and Features
In the list of installed programs locate and click on the program to uninstall
Click uninstall.


Step2 - Move FRST to desktop

I noticed that you run FRST64.exe from C:\Users\\Desktop\Removal Tools folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.


Step3 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop. (Attached file: fixlist.txt, 1.94KB)
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right-clicking on it, selecting Run as Administrator, and pressing Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then paste (CTRL + V) in your next reply.


Step4 - RogueKiller report

Please also post the RogueKiller report. You should find this on your desktop. It will be called something like RKreport_SCN_date_time.


How is the computer running after this fix? Any change?

  • 0

#5
legna

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi,

I have been using FlashPeak SlimBrowser to view videos without any problems. But as requested, I uninstalled it.

Is it an unwanted program?

After running FRST, it asked for a restart. After the reboot, I received 2 strange Windows Security alerts.

1) Windows Firewall has blocked some features of Intel Services Manager on all public & private networks.

2) Windows Firewall has blocked some features of Wondershare MobileGo Service.

Anyway, I unchecked all the boxes and cancelled the windows. As for MobileGo, I am not using this software at present as the trial period had already ended some time back.

Attached are both screenshots.

after restart prtscrn.jpg

After the reboot, there is a fixlog.txt generated.

As for RKreport_SCN_date_time, IT IS NOWHERE TO BE SEEN ON THE DESKTOP.

Here's the fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by LENOVO (2015-09-04 01:40:39) Run:1
Running from C:\Users\LENOVO\Desktop
Loaded Profiles: UpdatusUser & LENOVO (Available Profiles: UpdatusUser & LENOVO)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} =>  No File
HKU\S-1-5-21-122341192-2292051211-3585160535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-122341192-2292051211-3585160535-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-122341192-2292051211-3585160535-1002 -> {9426B79F-2D6F-4DDF-B22D-3200A6394DE2} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\LENOVO\funshion\funshiontools\npFunshion.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [No File]
FF Extension: YouTube to MP3 - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] [2014-02-04]
C:\ProgramData\Lenovo-18378.vbs
C:\Windows\SysWOW64\mp4norm.dll
AlternateDataStreams: C:\WINDOWS\SysWOW64\mp4norm.dll:ExtraData
C:\Users\LENOVO\funshion
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => key removed successfully
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
"HKU\S-1-5-21-122341192-2292051211-3585160535-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-122341192-2292051211-3585160535-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-122341192-2292051211-3585160535-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9426B79F-2D6F-4DDF-B22D-3200A6394DE2}" => key removed successfully
HKCR\CLSID\{9426B79F-2D6F-4DDF-B22D-3200A6394DE2} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@funshion.com/npFunshion" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.51.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2" => key removed successfully
C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] => moved successfully
C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\7cyjnh17.default\Extensions\[email protected] => path removed successfully
C:\ProgramData\Lenovo-18378.vbs => moved successfully
C:\Windows\SysWOW64\mp4norm.dll => moved successfully
"C:\WINDOWS\SysWOW64\mp4norm.dll" => ":ExtraData" ADS not found.
"C:\Users\LENOVO\funshion" => File/Folder not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {CC7AEA72-0027-4C96-939D-D0204B21489B}.
Unable to cancel {1C4658C6-AD68-4475-897A-6652285B33CF}.
{F36A1058-2352-4E4F-887D-5EEAB68E5EAA} canceled.
{3DBA22D6-1098-4D3A-8B7A-4253CC836EAD} canceled.
{105F7CC6-AA0D-4D01-BB60-B3FCF58AC84B} canceled.
{1C3D09A5-5914-4850-B1C0-1BC7303810F2} canceled.
{777D656F-EDF1-4D76-9CE5-3FEA4DCF7912} canceled.
5 out of 7 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5857:400c:31d:a505%2
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:bc:1dc4:3f57:fef0
   Link-local IPv6 Address . . . . . : fe80::bc:1dc4:3f57:fef0%10
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5857:400c:31d:a505%2
   IPv4 Address. . . . . . . . . . . : 192.168.1.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:bc:1dc4:3f57:fef0
   Link-local IPv6 Address . . . . . : fe80::bc:1dc4:3f57:fef0%10
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{D4F0B1D2-BCEE-4F56-ACF4-C1F8BBA110CA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 7.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 01:40:56 ====

 

I tried logging in to my own account on the member website, but the avast pop-up STILL SAYS a threat has been detected.

Enclosed are both printscreens.

threat has been detected.jpg

infection blocked.jpg

 

 

 

 


#6
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi legna
 

I have been using Flashpeak SlimBrowser to view videos without any problems. But as requested, I uninstalled it.

Is it an unwanted program?


It often bundles other unwanted third party software during the installation process so is a potentially unwanted program.

In terms of getting the roguekiller report please try this.

First - unhide files and folders
  • Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders, and then click OK.

    Second
  • Browse to C:\ProgramData\RogueKiller\Logs.
  • Locate the latest file called RKReport_DEL_..
  • Double click the file. It will open in notepad.
  • Copy(ctrl+c) and paste(ctrl+v) the contents in your next reply.

    Thanks

#7
legna

    Member

  • Topic Starter
  • Member
  • 147 posts

By the way, I have used roguekiller to remove some infected registry entries before posting my question online.

Here's a printscreen of the roguekiller's program data log folder just in case I submitted the wrong one.

roguekiller.jpg

 

Here's the RKReport_DEL report itself

I hope I have submitted the correct one.

 

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : LENOVO [Administrator]
Mode : Delete -- Date : 02/20/2015  21:45:33

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-122341192-2292051211-3585160535-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-122341192-2292051211-3585160535-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\OFFICE2013ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> Deleted
[Suspicious.Path] \Lenovo\Lenovo-18378 -- C:\ProgramData\Lenovo-18378.vbs -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] e56a53d82a56a95955bc32248535dc8f
[BSP] 35a13a1920ea8afe7794c2a9d8d82244 : Empty MBR Code
Partition table:
0 - Windows Recovery Environment | Offset (sectors): 1032 | Size: 1000 MB
1 - EFI System partition | Offset (sectors): 2050056 | Size: 260 MB
2 - Basic data partition | Offset (sectors): 2583560 | Size: 1000 MB
3 - Microsoft Reserved Partition | Offset (sectors): 4632584 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4895752 | Size: 126415 MB
5 - Basic data partition | Offset (sectors): 263794696 | Size: 94911 MB
6 - Windows Recovery Environment | Offset (sectors): 458173448 | Size: 20480 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
--- User ---
[MBR] 02017e623a401026f708883e9eb9f1d2
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: BUFFALO HD-PNTU3 USB Device +++++
--- User ---
[MBR] 8cecda23a0a194368da3c3fbfb0120c9
[BSP] 68fb24c1460fd76a624f7b949c34a5a3 : Unknown MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 7a4ec4e08b9c0b7774c61db295f91382
[BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: BUFFALO HD-PZU3 USB Device +++++
--- User ---
[MBR] 7bb08fd48461d8d53a175a967ae3b231
[BSP] 83848a3e3c456c25741e02680d85a20f : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: BUFFALO HD-GDU3 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_02202015_191821.log

 


#8
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Legna

Thanks for the log and the screenshot. The one I am looking for is the latest one run on 1 September 2015 which deleted items - RKreport_DEL_09012015_021817

Please post this log.

Thanks.
#9
legna

    Member

  • Topic Starter
  • Member
  • 147 posts

After opening RKreport_DEL_09012015_021817.json with Notepad, the details are as follows:

{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "10.10.3.0",
            "x64": false,
            "date": "Aug 31 2015",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.co.../roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 8.1 (6.3.9600) 64 bits version",
            "boot": 1,
            "winpe": false,
            "user": "LENOVO",
            "user_admin": true,
            "program_location": "C:\\Users\\LENOVO\\Desktop\\RogueKiller.exe",
            "x64": true
        },
        "report": {
            "type": 2,
            "aborted": false,
            "date": "09/01/2015 02:18:17",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 416,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 508,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 500,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 544,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "wininit.exe",
                "pid_parent": 500,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 560,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 552,
                "path_parent": ""
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 604,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 552,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "wininit.exe",
                "pid": 644,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 544,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "lsass.exe",
                "name_parent": "wininit.exe",
                "pid": 652,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\WINDOWS\\system32\\lsass.exe",
                "pid_parent": 544,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 724,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 644,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 768,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 644,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 828,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 644,
                "path_parent": ""
            },
            {
                "name": "dwm.exe",
                "name_parent": "winlogon.exe",
                "pid": 872,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"dwm.exe\"",
                "pid_parent": 604,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 888,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 644,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 956,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkService",
                "pid_parent": 644,
                "path_parent": ""
            },
            {
                "name": "userinit.exe",
                "name_parent": "winlogon.exe",
                "pid": 972,
                "path": "C:\\Windows\\System32\\userinit.exe",
                "command_line": "C:\\Windows\\system32\\userinit.exe",
                "pid_parent": 604,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "userinit.exe",
                "pid": 856,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\Explorer.EXE",
                "pid_parent": 972,
                "path_parent": "C:\\Windows\\System32\\userinit.exe"
            },
            {
                "name": "ctfmon.exe",
                "name_parent": "explorer.exe",
                "pid": 1036,
                "path": "C:\\Windows\\System32\\ctfmon.exe",
                "command_line": "ctfmon.exe",
                "pid_parent": 856,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "ChsIME.exe",
                "name_parent": "svchost.exe",
                "pid": 1068,
                "path": "C:\\Windows\\System32\\InputMethod\\CHS\\ChsIME.exe",
                "command_line": "C:\\Windows\\System32\\InputMethod\\CHS\\ChsIME.exe -Embedding",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ThumbnailExtractionHost.exe",
                "name_parent": "svchost.exe",
                "pid": 1332,
                "path": "C:\\Windows\\System32\\ThumbnailExtractionHost.exe",
                "command_line": "C:\\WINDOWS\\System32\\ThumbnailExtractionHost.exe -Embedding",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "HelpPane.exe",
                "name_parent": "svchost.exe",
                "pid": 1344,
                "path": "C:\\Windows\\HelpPane.exe",
                "command_line": "C:\\Windows\\helppane.exe -Embedding",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "dllhost.exe",
                "name_parent": "svchost.exe",
                "pid": 1376,
                "path": "C:\\Windows\\System32\\dllhost.exe",
                "command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "svchost.exe",
                "pid": 1672,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "dllhost.exe",
                "name_parent": "svchost.exe",
                "pid": 1804,
                "path": "",
                "command_line": "",
                "pid_parent": 724,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "explorer.exe",
                "pid": 1864,
                "path": "C:\\Users\\LENOVO\\Desktop\\RogueKiller.exe",
                "command_line": "\"C:\\Users\\LENOVO\\Desktop\\RogueKiller.exe\" ",
                "pid_parent": 856,
                "path_parent": "C:\\Windows\\explorer.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 2,
                "scan_how": [
                    4
                ],
                "scan_how_trigger": 4,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "Services",
                "view": 256,
                "value": "",
                "subkey": "aswVmm",
                "value_old_data": "",
                "value_data": "",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services",
                "extra": "\\??\\C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
                        "path_compressed": "%localappdata%\\Temp\\aswVmm.sys",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Deleted",
                "status_choice": 2,
                "status_removed": 3
            },
            {
                "scan_what": 2,
                "scan_how": [
                    4
                ],
                "scan_how_trigger": 4,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "Services",
                "view": 256,
                "value": "",
                "subkey": "aswVmm",
                "value_old_data": "",
                "value_data": "",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services",
                "extra": "\\??\\C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
                        "path_compressed": "%localappdata%\\Temp\\aswVmm.sys",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Deleted",
                "status_choice": 2,
                "status_removed": 3
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226335,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: Samsung SSD 840 PRO Series +++++\n--- User ---\n[MBR] e56a53d82a56a95955bc32248535dc8f\n[BSP] 35a13a1920ea8afe7794c2a9d8d82244 : Empty MBR Code\nPartition table:\n0 - Windows Recovery Environment | Offset (sectors): 1032 | Size: 1000 MB\n1 - EFI System partition | Offset (sectors): 2050056 | Size: 260 MB\n2 - Basic data partition | Offset (sectors): 2583560 | Size: 1000 MB\n3 - Microsoft Reserved Partition | Offset (sectors): 4632584 | Size: 128 MB\n4 - Basic data partition | Offset (sectors): 4895752 | Size: 126415 MB\n5 - Basic data partition | Offset (sectors): 263794696 | Size: 94911 MB\n6 - Windows Recovery Environment | Offset (sectors): 458173448 | Size: 20480 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
        }
    }
}


#10
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Legna

Thanks for the report but it's not in a format which is easily readable. Apologies for asking for this.

We'll try to get the RogueKiller report another way. We'll use FRST to search the contents of the folder.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

folder: C:\ProgramData\RogueKiller\Logs

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Also please note RogueKiller can be very aggressive in what it finds and removes. It is safer to have this checked by someone experienced in using the tool in case it tries to remove important files which may make your machine inoperable. :)



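The JSON report pasted above is hard to read by eye, as the reply notes. The script below, added here as an example and not part of this thread or of Adlice's RogueKiller, renders such a report into the one-line-per-finding style of the older RKreport_*.log files and annotates each registry finding with the two facts that explain the Suspicious.Path tag on the posted entries: the service image path lies under a user-writable Temp directory, and the file no longer exists on disk. Assumptions: the field names follow the posted report; the Temp-directory heuristic is my own, not RogueKiller's published rule; "type": 2 is labelled DEL only because the posted RKreport_DEL file carries that value; the embedded sample is a constructed, trimmed copy of the posted report's structure.

```python
"""Render a RogueKiller JSON report (RKreport_*.json) as readable text.

Added example for this thread; not RogueKiller's own code. Field names
follow the report posted above. The sample report below is a constructed,
trimmed copy of that report's structure, not the original file.
"""
import json
import re

# Constructed sample: same layout as the posted RKreport_DEL_*.json, shortened.
SAMPLE_REPORT = json.dumps({
    "header": {
        "program": {"project": "RogueKiller", "version": "10.10.3.0"},
        "environment": {"operating_system": "Windows 8.1 (6.3.9600) 64 bits version",
                        "user": "LENOVO", "user_admin": True},
        "report": {"type": 2, "date": "09/01/2015 02:18:17"},
    },
    "results": {
        "processes": [], "modules": [], "services": [],
        "registry": [{
            "vendors": ["Suspicious.Path"],
            "rule_name": "Services",
            "subkey": "aswVmm",
            "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services",
            "extra": "\\??\\C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
            "files": [{"path_expanded": "C:\\Users\\LENOVO\\AppData\\Local\\Temp\\aswVmm.sys",
                       "exists": False, "signed": False, "signer": ""}],
            "status_str": "Deleted",
        }],
        "tasks": [], "filesystem": [], "web_browsers": [],
        "hosts": {"is_too_big": False, "lines": []},
        "antirootkit": {"is_driver_loaded": False, "driver_error": 3221226335, "results": []},
    },
})

# Assumption: "type": 2 is the value carried by the posted RKreport_DEL file.
REPORT_TYPES = {2: "DEL"}

# Assumed heuristic (not RogueKiller's published rule): a service or driver
# whose image lives in a user-writable scratch directory deserves a look.
USER_WRITABLE_DIRS = re.compile(r"\\(Temp|Users\\Public|Downloads)\\", re.IGNORECASE)

SECTIONS = ("processes", "modules", "services", "registry", "tasks", "filesystem", "web_browsers")


def strip_nt_prefix(path):
    """Convert an NT object path such as \\??\\C:\\x.sys to the Win32 form C:\\x.sys."""
    return path[4:] if path.startswith("\\??\\") else path


def registry_line(entry):
    """One RKreport-style line for a registry finding, plus why it looks odd."""
    tags = ",".join(entry.get("vendors", []))
    image = strip_nt_prefix(entry.get("extra", ""))
    files = entry.get("files", [])
    notes = []
    if USER_WRITABLE_DIRS.search(image):
        notes.append("image in user-writable temp dir")
    if any(not f.get("exists", True) for f in files):
        notes.append("file missing on disk")
    if any(f.get("exists") and not f.get("signed") for f in files):
        notes.append("unsigned")          # only meaningful when the file is present
    line = "[{}] {}\\{} -> {} ({})".format(
        tags, entry.get("path", ""), entry.get("subkey", ""), image,
        entry.get("status_str", "?"))
    return line + (" : " + "; ".join(notes) if notes else "")


def summarize(report_json):
    """Return {'counts': {...}, 'lines': [...]} for a RogueKiller JSON report."""
    rep = json.loads(report_json)
    hdr, res = rep["header"], rep["results"]
    kind = REPORT_TYPES.get(hdr["report"].get("type"), "type %s" % hdr["report"].get("type"))
    lines = ["RogueKiller {} ({}) on {} as {}{} - {}".format(
        hdr["program"].get("version", "?"), kind,
        hdr["environment"].get("operating_system", "?"),
        hdr["environment"].get("user", "?"),
        " [Administrator]" if hdr["environment"].get("user_admin") else "",
        hdr["report"].get("date", "?"))]
    counts = {}
    for section in SECTIONS:
        items = res.get(section, [])
        counts[section] = len(items)
        lines.append("=== {} : {} ===".format(section.capitalize(), len(items)))
        if section == "registry":
            lines.extend(registry_line(e) for e in items)
    ark = res.get("antirootkit", {})
    loaded = bool(ark.get("is_driver_loaded"))
    counts["antirootkit_driver_loaded"] = loaded
    lines.append("=== Antirootkit : {} (Driver: {}) ===".format(
        len(ark.get("results", [])),
        "Loaded" if loaded else "NOT loaded, error {}".format(ark.get("driver_error"))))
    return {"counts": counts, "lines": lines}


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_REPORT)["lines"]))
```

Run it against a real RKreport_DEL_*.json by reading the file into `summarize()`. The "NOT loaded" marker on the antirootkit line matters for triage: the posted report shows the anti-rootkit driver failed to load, so its empty results section says nothing about rootkits.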

#11
legna

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi,

Here's the RogueKiller report.

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by LENOVO (2015-09-05 22:40:48) Run:2
Running from C:\Users\LENOVO\Desktop
Loaded Profiles: UpdatusUser & LENOVO (Available Profiles: UpdatusUser & LENOVO)
Boot Mode: Normal
==============================================

fixlist content:
*****************
folder: C:\ProgramData\RogueKiller\Logs
*****************


========================= folder: C:\ProgramData\RogueKiller\Logs ========================

2015-02-20 21:45 - 2015-02-20 21:45 - 0004470 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_02202015_214533.log
2015-07-10 11:38 - 2015-07-10 11:38 - 0011401 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_07102015_113844.json
2015-09-01 01:58 - 2015-09-01 01:58 - 0046324 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_09012015_015812.json
2015-09-01 02:00 - 2015-09-01 02:00 - 0044604 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_09012015_020032.json
2015-09-01 02:00 - 2015-09-01 02:00 - 0044604 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_09012015_020037.json
2015-09-01 02:18 - 2015-09-01 02:18 - 0013826 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_DEL_09012015_021817.json
2015-02-20 19:18 - 2015-02-20 19:18 - 0004328 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02202015_191821.log
2015-02-22 20:31 - 2015-02-22 20:31 - 0002955 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02222015_203159.log
2015-02-25 07:03 - 2015-02-25 07:03 - 0003515 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_02252015_070336.log
2015-06-04 12:30 - 2015-06-04 12:30 - 0003406 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_06042015_123026.log
2015-07-09 04:27 - 2015-07-09 04:27 - 0010533 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_07092015_042704.json
2015-07-10 11:37 - 2015-07-10 11:37 - 0010781 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_07102015_113726.json
2015-07-10 11:57 - 2015-07-10 11:57 - 0003676 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_07102015_115707.json
2015-09-01 01:41 - 2015-09-01 01:41 - 0046065 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_014115.json
2015-09-01 01:57 - 2015-09-01 01:57 - 0046300 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_015719.json
2015-09-01 02:00 - 2015-09-01 02:00 - 0044596 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_020020.json
2015-09-01 02:16 - 2015-09-01 02:16 - 0013822 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_021606.json
2015-09-01 02:18 - 2015-09-01 02:18 - 0013822 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_021807.json
2015-09-01 02:20 - 2015-09-01 02:20 - 0011205 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_022021.json
2015-09-01 02:49 - 2015-09-01 02:49 - 0031164 _____ () C:\ProgramData\RogueKiller\Logs\RKreport_SCN_09012015_024924.json

====== End of Folder: ======


==== End of Fixlog 22:40:49 ====


#12
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Legna

RogueKiller has removed a couple of files relating to AVAST which are perfectly legitimate. This may be causing AVAST not to function properly so we will uninstall and then re install it.

As I mentioned earlier, Rogue Killer is extremely aggressive in what it removes and should be used under supervision.

We will also run a scan using ESET online scanner. Don't worry about not having an AV. ESET requires it to be disabled anyway while it is scanning. :)

Step1 - Uninstall AVAST
  • Download Avast Uninstall Utility to your Desktop.
  • Download the correct version of Avast - Avast Free
  • Disconnect from the net
  • Uninstall Avast via control panel -> Uninstall a program or Programs and Features
  • Locate AVAST and click Uninstall
  • Then run the uninstall tool and accept the reboot to safe mode
  • Once complete reboot your system.


    Step2 - ESET scan


    You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here, then click on the ESET Online Scanner button (esetbar_zps93905f48.jpg).
    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.


    Step3 - Reinstall AVAST
  • Reinstall AVAST using the file previously downloaded to your desktop.
  • Right click the file and select Run as Administrator.
  • Follow the on screen instructions to install AVAST.

    Things for your next post:
  • ESET log
  • Any issues with uninstalling/reinstalling AVAST?
  • With AVAST reinstalled are you still having issues?

    Thanks

#13
legna

    Member

  • Topic Starter
  • Member
  • 147 posts

Hi,

The Esetonlinescanner\log.txt is as follows:

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7ff1da2b3e472f479c07de5d7b8bf3ee
# end=init
# utc_time=2015-09-06 10:05:19
# local_time=2015-09-06 06:05:19 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25625
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7ff1da2b3e472f479c07de5d7b8bf3ee
# end=updated
# utc_time=2015-09-06 10:15:18
# local_time=2015-09-06 06:15:18 (+0800, Malay Peninsula Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7ff1da2b3e472f479c07de5d7b8bf3ee
# engine=25625
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-06 10:38:25
# local_time=2015-09-06 06:38:25 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1166104 65756389 0 0
# scanned=196478
# found=1
# cleaned=0
# scan_time=1385
sh=405F977016509FA868A232513EECE0DC7C957A28 ft=1 fh=44f3ccc490b3cd8d vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"

 

The ESET scan found 1 infected file.

I tried to delete the whole EaseUS folder but I received the following popup:

This action can't be completed because the folder or a file in it is open in another program.

I then proceeded to delete the PxeServer.dll, but there is still one more file, PxeService.exe, in the folder.

Can you let me know what EaseUS is? Is it possible to delete the whole folder? Will deleting the whole folder solve my existing problem?

After reinstalling, avast still gives me the same pop up:

avast webshield has blocked a harmful web page or file.

Infection.html-Script.inf

Windows 8.1 installed itself automatically one fine day and I just could not stop it in time, as I had been using Windows 8 all along with no problems. Super fast with my SSD drive!

After the upgrade to Windows 8.1, I am faced with slow loading of desktop shortcut icons and sudden loss of internet connection. I was even asked to reinstall my whole printer. Though it is still possible to print by ignoring and closing the popup, it is still a nuisance as it pops up frequently when the printer is in use.

In order to downgrade from Windows 8.1 to 8, I did the following but met with failure. I went to Change PC settings, Recovery, Refresh your PC without affecting your files, and pressed Get started. But it says there was a problem refreshing your PC. If you have a Windows installation or recovery media, insert it and restart the PC from the media. In fact, I bought this PC with Windows 8 on it.

Is it possible to revert back to Windows 8, or should I upgrade to Windows 10?

What is your opinion? Is Windows 10 stable?

Thanks for your help.


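The ESET log above is a header of "# key=value" lines, some progress chatter, and one line per detected file with quoted values for the detection name and path. As an added example (not ESET's code and not from the thread), the parser below turns that into records and separates "potentially unsafe application" hits, ESET's label for legitimate software that can be misused, from plain malware detections; the TFTPD32 hit on EaseUS's PxeServer.dll lands in the first bucket, which is consistent with the false-positive assessment in the next reply. Assumptions: the meaning of the sh, fh, ft and ac fields is not documented on this page, so they are kept as opaque strings; the embedded log is a constructed, trimmed copy of the posted one.

```python
"""Parse an ESET Online Scanner log.txt into header fields and detections.

Added example for this thread; not ESET's code. The format follows the
log posted above: '# key=value' header lines, free-text progress lines,
and one 'key=value key="quoted value" ...' line per detected file. The
sample below is a constructed, trimmed copy of the posted log.
"""
import re

SAMPLE_LOG = r"""# product=EOS
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# country="United States"
# osver=6.2.9200 NT
# scanned=196478
# found=1
# cleaned=0
# scan_time=1385
sh=405F977016509FA868A232513EECE0DC7C957A28 ft=1 fh=44f3ccc490b3cd8d vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll"
"""

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_detection_line(line):
    """Split one detection line into a dict; sh/fh/ft/ac are kept as opaque strings."""
    return {key: quoted if quoted else bare for key, quoted, bare in FIELD_RE.findall(line)}


def parse_log(text):
    """Return (header_dict, [detection_dict, ...]) for a whole log.txt."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            detections.append(parse_detection_line(line))
        # anything else ("Update Init", "all ok", ...) is progress chatter
    return header, detections


def classify(detection):
    """Bucket a detection by the suffix ESET puts on the detection name.

    'potentially unsafe application' is ESET's label for legitimate software
    that can be misused (remote-admin tools, servers, ...); it is not malware
    by itself and deserves a look at the path and vendor before deleting.
    """
    name = detection.get("vn", "").lower()
    if "potentially unsafe application" in name:
        return "unsafe-application"
    if "potentially unwanted application" in name:
        return "unwanted-application"
    return "malware"


def triage(text):
    """Summarize a log: per-file verdicts and a sanity check on the header counts."""
    header, detections = parse_log(text)
    items = [{
        "path": d.get("fn", ""),
        "name": d.get("vn", ""),
        "bucket": classify(d),
        # the scanner only removes when 'Remove found threats' was ticked
        "removed_by_scanner": header.get("remove_checked") == "true",
    } for d in detections]
    return {
        "found": len(detections),
        "cleaned": int(header.get("cleaned", "0")),
        "header_consistent": int(header.get("found", "0")) == len(detections),
        "items": items,
    }


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)["items"]:
        print("{bucket:<20} {path}  <- {name}".format(**item))
```

Point `triage()` at the real log (C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt on the machine in this thread) to get the same verdicts; an "unsafe-application" hit under a known vendor's install directory is the case to verify with the vendor rather than delete, which is what the thread concluded for PxeServer.dll.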
#14
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Legna
 

Can you let me know what is EaseUs? Is it possible to delete the whole folder?


EaseUS Todo Backup is third-party software which backs up your system and important files and probably came preinstalled on your PC. It is a legitimate and safe application. ESET has identified this as a false positive. I note you have deleted the file PxeServer.dll.

You can restore this file by -

first check the recycle bin and if the file is there right click on it and select restore.
If the file is not present try using a file recovery program such as recuva to recover the file.
 

Is it possible to revert back to windows 8 or should I be upgrade to windows 10?


To revert back to windows 8 you could try to do a system restore to a point before it was installed or perform a clean install of windows. I personally would not recommend either unless you are having serious stability problems with the operating system.
Windows 10 is the latest OS from Microsoft and is being rolled out free to all users of windows 7,8 and 8.1. You may already have the notification to sign up. If you are concerned about upgrading or want more information first there is a windows 10 forum here on GTG which you can follow or post a topic to. I personally have not really used windows 10 yet so can't give you any opinion on it.
 

After resinstall, avast still gives me the same pop up


AVAST certainly appears to be functioning properly and is flagging a script running on the website as being potentially dangerous, thereby protecting your PC. Your machine appears to be clean so my advice would be to notify AVAST so that they can analyse this. You can do this on the pop up that appears by clicking Report as False Positive.
I would also notify the administrator of the website in question as it may be that it has been compromised.

Before I give the all clear please confirm what issues remain and how the system is currently?
  • 0

#15
legna

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi,

I could not find PxeServer.dll after scanning with Recuva.

However, I could log in to my account on that site using Android.

Initially, I could log in with no problems to my account on that website when using my PC one month ago.

This problem of the avast popup only happened after one month of logging in to my account.

The people in the company were telling me that my PC is infected as nobody there is facing such a problem.

I also feel that my PC is somehow infected as no matter what account number I key in, I still receive the same popup from that site.

I even tried borrowing someone's Android to log in to my account on that site without any problem.

If the site indeed has a potentially dangerous script present, why is no one in the company facing such a problem, as thousands of them are using it?

The only issue that is presently giving me a headache is still being unable to proceed further with logging in to my account, as avast emits a ding song sound saying a threat is detected.

Can I just cancel the popup and proceed to my account?

Edited by legna, 07 September 2015 - 10:33 AM.

  • 0





