
Slow Computer and Spotty Internet Connection


NatiePotatie


Hi everyone,

 

My computer seems to be very slow at the moment, and I'm also having connectivity issues when trying to access websites. It's ALL websites, not just a particular one. At the moment I'm not sure if it's a hardware issue (router) or a software issue. I thought I would have someone here take a look and see if any malicious files pop up that might be the root cause. I know that there used to be malicious files on the computer in the past, but I ran a few tools that seemed to fix the issue. Thank you in advance!

Here are the two log files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by wendy (administrator) on SCHILLINGPC (26-11-2015 17:09:12)
Running from C:\Users\wendy\Desktop
Loaded Profiles: wendy (Available Profiles: wendy & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TPV-INVENTA TECHNOLOGY CO., LTD.) C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe
() C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(TPV-INVENTA TECHNOLOGY CO., LTD) C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-18] (Primax Electronics Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DrvInst] => C:\Program Files (x86)\Lenovo\Driver & Application Auto-installation\Bpd.exe [515928 2012-09-03] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{AE9F4~1/190~1.1/lefa.dll => C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\lefa.dll [966144 2015-01-24] ()
AppInit_DLLs-x32:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{0018BDE0-5E87-4C03-8A85-B6D7735A0827}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{317EE491-2A17-4357-B336-03ACF68E5CFC}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {5D0E24A2-78F5-4645-B9D9-9472D9AE6CB7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131042,19890,0,25,0
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {D4929332-219D-4437-8AAA-4F95180CB5A3} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
 
Chrome: 
=======
CHR Profile: C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Google Search) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (No Name) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]
CHR Extension: (Gmail) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LEMo602D; C:\Windows\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
R3 LEub602D; C:\Windows\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 17:09 - 2015-11-26 17:09 - 00022009 _____ C:\Users\wendy\Desktop\FRST.txt
2015-11-26 17:02 - 2015-11-26 17:09 - 00000000 ____D C:\FRST
2015-11-26 17:00 - 2015-11-26 17:00 - 02348544 _____ (Farbar) C:\Users\wendy\Desktop\FRST64.exe
2015-11-24 13:47 - 2015-11-24 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-11-13 13:47 - 2015-11-13 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-11-11 13:47 - 2015-11-11 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-11-11 06:52 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:52 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:52 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:52 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 06:52 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 06:52 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 06:52 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 06:52 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 06:52 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 06:52 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 06:52 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 06:52 - 2015-09-12 07:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:36 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:36 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:36 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:36 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:36 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:36 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:36 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:36 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:36 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-09-29 06:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:35 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-10 19:35 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-10 19:30 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:30 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:30 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:30 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:30 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:29 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:29 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:29 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:29 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:29 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 19:29 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-08 08:40 - 2015-11-08 08:40 - 00075838 _____ C:\Users\wendy\Downloads\Lego Friends Rescue Base.jfif
2015-11-07 16:08 - 2015-11-07 16:08 - 00000000 _____ C:\Users\wendy\AppData\Local\{3441B966-1E30-424F-9056-4B59D883B2B3}
2015-11-06 13:47 - 2015-11-06 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{B9ABF72C-2B8C-4466-A32B-DF20134AED24}
2015-11-06 03:05 - 2015-11-06 03:05 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-11-06 03:05 - 2015-11-06 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-11-03 18:10 - 2015-11-03 18:10 - 00000000 _____ C:\Users\wendy\AppData\Local\{F70007E8-BA19-4D78-985C-B5A7C5A25A6C}
2015-11-01 13:47 - 2015-11-01 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{15135D05-20BE-4E7C-B82D-1DC0E37F554F}
2015-10-30 12:47 - 2015-10-30 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{38C9BF8B-1E54-4BCA-BA19-DC73F09BE67A}
2015-10-28 12:47 - 2015-10-28 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{D36816FC-F195-460C-ABCB-7BCE12DF09C1}
2015-10-27 12:47 - 2015-10-27 12:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{D2122FB7-DB86-492E-A19E-3581B5FB5A04}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-26 17:02 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-11-26 15:48 - 2014-07-28 16:28 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 15:46 - 2014-07-27 19:32 - 00000000 ____D C:\Users\wendy\AppData\Local\ElevatedDiagnostics
2015-11-26 14:33 - 2013-10-19 17:04 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23A68A7E-00C5-433E-85A2-71EC8D7C75FD}
2015-11-24 13:47 - 2014-07-28 16:28 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 20:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-19 19:45 - 2013-10-19 17:02 - 00000000 __RDO C:\Users\wendy\SkyDrive
2015-11-19 19:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-19 18:44 - 2013-09-29 22:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-19 18:44 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-19 18:40 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-19 18:40 - 2013-08-22 08:44 - 00371720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-19 18:38 - 2013-08-22 07:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-11-19 18:37 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 00:49 - 2014-07-28 16:35 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 12:52 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 12:50 - 2013-08-17 01:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 12:37 - 2013-07-24 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-07 11:03 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-06 03:06 - 2015-08-06 13:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 03:06 - 2015-08-06 13:29 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-06 03:05 - 2015-08-06 13:29 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-11-05 20:47 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-02 18:23 - 2014-11-18 21:16 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 18:23 - 2014-11-18 21:15 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-01 06:22 - 2015-01-12 21:59 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 03:55 - 2014-01-11 17:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-30 03:55 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
 
==================== Files in the root of some directories =======
 
2013-08-08 14:08 - 2013-08-08 14:08 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-09 18:27 - 2013-12-09 18:27 - 0000288 _____ () C:\Users\wendy\AppData\Roaming\.backup.dm
2013-10-18 12:00 - 2013-06-27 09:36 - 0192512 ____H () C:\Users\wendy\AppData\Local\common_functions.dll
2013-06-27 09:36 - 2013-06-27 09:36 - 0114688 ____H () C:\Users\wendy\AppData\Local\ie_runner_app.exe
2013-10-18 12:00 - 2012-06-26 04:59 - 0940544 ____H (Apache Software Foundation) C:\Users\wendy\AppData\Local\log4cxx.dll
2015-07-14 06:29 - 2015-07-14 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{069E3ED4-8CDC-400C-BC88-B5BCFF252151}
2015-06-20 17:41 - 2015-06-20 17:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{110F9870-4E2F-4B59-A7FF-8EDD6C9D2317}
2015-11-01 13:47 - 2015-11-01 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{15135D05-20BE-4E7C-B82D-1DC0E37F554F}
2015-10-06 12:47 - 2015-10-06 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1B9E8D18-5B0C-4C01-8A23-3B5C304C03B6}
2015-04-20 17:45 - 2015-04-20 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1DDA70ED-3574-420E-B7AA-C4FA391F7DFC}
2015-06-24 06:29 - 2015-06-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1FEC92C0-8E5D-4A7E-90AF-AD40D5236C78}
2015-06-26 06:29 - 2015-06-26 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{2D8D0F3D-D8BE-43A5-AD5D-58EF912469EC}
2015-11-07 16:08 - 2015-11-07 16:08 - 0000000 _____ () C:\Users\wendy\AppData\Local\{3441B966-1E30-424F-9056-4B59D883B2B3}
2015-10-30 12:47 - 2015-10-30 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38C9BF8B-1E54-4BCA-BA19-DC73F09BE67A}
2015-08-01 00:35 - 2015-08-01 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38E649A8-C06A-45B7-B14A-01034C9B4543}
2015-08-22 00:35 - 2015-08-22 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{430B5E45-FBBA-4F9E-9F3A-1ADAF7654337}
2015-08-29 20:41 - 2015-08-29 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{4BD56954-D807-4844-9F86-2D4CA4555C07}
2015-07-18 15:18 - 2015-07-18 15:18 - 0000000 _____ () C:\Users\wendy\AppData\Local\{624B602E-6D26-4AF6-BD82-B393703CB7AB}
2015-10-13 06:03 - 2015-10-13 06:03 - 0000000 _____ () C:\Users\wendy\AppData\Local\{6B8CC477-7FC3-4E5C-A9C7-1C4194BE3FAA}
2015-10-24 12:47 - 2015-10-24 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{722561CA-DFC4-4CB4-BE31-08A468563E9A}
2015-11-13 13:47 - 2015-11-13 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-06-28 06:29 - 2015-06-28 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{78886CB7-6662-4BF6-9BB6-C0BC2C75E15A}
2015-04-22 17:45 - 2015-04-22 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7A2405BA-B6C9-467D-A1B4-A10896706AD3}
2015-06-15 06:29 - 2015-06-15 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7B290F10-B94B-44EE-86A7-973FE33C0128}
2015-09-06 20:41 - 2015-09-06 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83720732-A486-42BB-B2B1-4A04A1631D2B}
2015-11-24 13:47 - 2015-11-24 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-11-11 13:47 - 2015-11-11 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-04-21 17:45 - 2015-04-21 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{94296B03-C699-4E5C-AF6F-DD88EE5A6521}
2015-06-22 06:29 - 2015-06-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A500015C-CDCB-4A7D-BC16-AB13211F0392}
2015-09-11 20:41 - 2015-09-11 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A5C22D0B-5D8E-4022-B7EB-C75436967C39}
2015-06-17 06:29 - 2015-06-17 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD1B6D5D-B922-44D6-9AF8-AE8D021B55AC}
2015-08-26 17:00 - 2015-08-26 17:00 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD3753E3-96B0-4874-B7E5-906E15A2B8D3}
2015-06-25 06:29 - 2015-06-25 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B07F0F2B-8ED7-4959-A933-15BDA63ADD5D}
2015-07-23 00:35 - 2015-07-23 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B0FB6489-F2C1-4D7C-A16B-2FCA7DB996A9}
2015-07-16 00:35 - 2015-07-16 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B2048CBC-8B2C-4F3E-8F92-0057B099EF25}
2015-07-17 00:35 - 2015-07-17 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B7B80A39-180E-4BCF-8AEF-C5DA856A5386}
2015-11-06 13:47 - 2015-11-06 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B9ABF72C-2B8C-4466-A32B-DF20134AED24}
2015-07-09 06:29 - 2015-07-09 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BB179260-8E99-454F-9785-8FB46993E6DB}
2015-09-29 12:47 - 2015-09-29 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BC9F1C3E-A4B4-4C00-B0BF-84B3317C2738}
2015-09-22 18:41 - 2015-09-22 18:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C26632A8-32C3-40A2-91A0-33A0DEFA0239}
2015-07-30 00:35 - 2015-07-30 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C5CB08E3-9549-4972-8EA5-F65736FEE0F6}
2015-09-20 12:47 - 2015-09-20 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D1CD6D91-06F9-4F2B-879E-370CA19BEC93}
2015-10-27 12:47 - 2015-10-27 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D2122FB7-DB86-492E-A19E-3581B5FB5A04}
2015-10-28 12:47 - 2015-10-28 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D36816FC-F195-460C-ABCB-7BCE12DF09C1}
2015-07-11 06:29 - 2015-07-11 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D75A69AF-DA36-40B3-AE04-72A0ADA1BBE0}
2015-07-26 00:35 - 2015-07-26 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DB9B9209-E11B-4B21-9C7B-CDFEA77FF65C}
2015-05-24 06:29 - 2015-05-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEB9E28D-F9E3-49C2-B604-79474D14CB51}
2015-07-05 20:52 - 2015-07-05 20:52 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEC8628E-5F1E-46B3-A1A2-D0C2E5363623}
2015-07-13 06:29 - 2015-07-13 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E171084E-4FA7-4443-AE0B-9E9BB0E78E71}
2015-05-22 06:29 - 2015-05-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E44E9E29-9DC5-4383-8DEC-AC5785CCD3AD}
2015-10-08 12:47 - 2015-10-08 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E638D5D6-13DC-4025-915D-6476D561236B}
2015-08-06 13:40 - 2015-08-06 13:40 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E6BD08D1-7655-4E53-B4AE-84300A6553FF}
2015-09-17 12:47 - 2015-09-17 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F1A3865B-DDDB-4416-9B8D-FF0C2FD6F351}
2015-09-10 06:09 - 2015-09-10 06:09 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F550ADF8-0A25-4C29-A443-496EBB56CEDC}
2015-11-03 18:10 - 2015-11-03 18:10 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F70007E8-BA19-4D78-985C-B5A7C5A25A6C}
2015-06-29 06:29 - 2015-06-29 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{FD76CF26-49A6-4328-AECA-104A67C1D980}
2013-05-30 02:51 - 2013-05-30 02:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-30 02:56 - 2013-05-30 02:56 - 0000198 ____H () C:\ProgramData\Lenovo-10516.vbs
2013-05-30 02:56 - 2013-05-30 02:56 - 0000198 ____H () C:\ProgramData\Lenovo-10562.vbs
 
Files to move or delete:
====================
C:\ProgramData\Lenovo-10516.vbs
C:\ProgramData\Lenovo-10562.vbs
 
 
Some files in TEMP:
====================
C:\Users\wendy\AppData\Local\Temp\mpam-5675fe71.exe
C:\Users\wendy\AppData\Local\Temp\mpam-a57a0532.exe
C:\Users\wendy\AppData\Local\Temp\mpam-bca53d14.exe
C:\Users\wendy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\wendy\AppData\Local\Temp\_is9DFE.exe
C:\Users\wendy\AppData\Local\Temp\{0D485AD8-5B21-4A32-82AC-8B1394B26FDF}-43.0.2357.65_42.0.2311.90_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{14719E8E-FF8A-44EF-8940-C24B1D990AFE}-46.0.2490.86_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{1602FCB1-4A8E-4985-83E1-DCA076A24EBF}-46.0.2490.71_45.0.2454.101_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{195001F8-83DF-4562-9ED5-207F3F2A6F0B}-43.0.2357.132_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{26B4DAE9-FCAC-4EF1-8D35-8096D89EA351}-46.0.2490.71_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{2D713F4E-E3D7-4426-A213-29BDF21BABA6}-44.0.2403.89_43.0.2357.134_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{2FA2A1DC-D182-424F-9463-AF15EE0DC93B}-42.0.2311.90_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{38307534-4163-418E-A3F0-02AAD6CCF4D3}-44.0.2403.130_44.0.2403.125_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{3C610C77-BFDB-4F27-B96A-0B1431B1A8EB}-45.0.2454.93_45.0.2454.85_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{41C89F9A-9B65-4542-BCEA-D03FCC0F2F3F}-43.0.2357.132_43.0.2357.130_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{43DF90B1-5CF7-4F6A-81B2-9F3B39FF3E9D}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{4F8DACC1-2154-47BA-8DF7-FE4A0A80118F}-41.0.2272.118_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{50B43127-2F37-43D1-B1DD-B2383D38F787}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{56C195CA-C865-4F47-9CB4-72ED3A8319AA}-43.0.2357.65_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{59C071DD-EF0A-4D81-9BC1-A4BDE78D4186}-43.0.2357.130_43.0.2357.124_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{611BC64A-F8D7-4B9A-A410-BFBC2FDF89DA}-43.0.2357.124_43.0.2357.65_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{6BF689B5-B275-4E48-92AB-951FCA32550E}-44.0.2403.155_44.0.2403.130_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{746728E6-D1DA-4A19-9C9F-2695B19E724D}-45.0.2454.101_45.0.2454.99_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{75E307AB-A938-426A-A9C3-C83CD2E93E43}-44.0.2403.107_44.0.2403.89_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{7D17A395-6003-4BBA-8F9C-354C80007F06}-44.0.2403.125_44.0.2403.107_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{83E1712C-3E79-46F4-B249-F3B0DA2BE1C0}-46.0.2490.80_46.0.2490.71_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{858C3519-3CB6-4906-9467-E664742A794A}-44.0.2403.89_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{8B9EC845-15B6-42B5-A030-D8C417840918}-43.0.2357.134_43.0.2357.132_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{912E262B-69B2-4A5E-9014-8E7C0E2C6D77}-43.0.2357.124_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{93358086-21F7-4966-879F-539A2894FEC2}-45.0.2454.99_45.0.2454.93_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{B36874BB-AC03-4886-BFB7-00100A5E7B98}-46.0.2490.86_46.0.2490.80_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{C84F8028-8072-4BF5-B666-C6831F30427C}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{CFA2678A-0AA1-47A4-9DAA-3C4720FDFC79}-44.0.2403.157_44.0.2403.155_chrome_updater.exe
C:\Users\wendy\AppData\Local\Temp\{D31DCAC5-5EC6-4810-B66C-0691289C20FE}-GoogleUpdateSetup.exe
C:\Users\wendy\AppData\Local\Temp\{F5E763D0-5CBF-4151-9916-84513B2F154A}-46.0.2490.80_chrome_installer.exe
C:\Users\wendy\AppData\Local\Temp\{F87C147E-1F08-48DF-AF9A-2539A37A049D}-45.0.2454.85_44.0.2403.157_chrome_updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-19 18:51
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by wendy (2015-11-26 17:10:07)
Running from C:\Users\wendy\Desktop
Windows 8.1 (X64) (2013-10-19 22:59:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2186271191-3458891878-1518541264-500 - Administrator - Disabled)
Guest (S-1-5-21-2186271191-3458891878-1518541264-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2186271191-3458891878-1518541264-1005 - Limited - Enabled)
wendy (S-1-5-21-2186271191-3458891878-1518541264-1001 - Administrator - Enabled) => C:\Users\wendy
zschi_000 (S-1-5-21-2186271191-3458891878-1518541264-1006 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.8 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
ScummVM 1.2.1 (HKLM-x32\...\ScummVM_is1) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TNIOSDVolumeSync (x32 Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
VNC Server 5.2.1 (HKLM\...\{6B624E00-364E-4F07-9768-BFEF08692CB0}) (Version: 5.2.1 - RealVNC Ltd)
VNC Viewer 5.2.1 (HKLM\...\{F5572534-DC0E-428B-A24B-C9D312C63359}) (Version: 5.2.1 - RealVNC Ltd)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-11-2015 12:36:02 Windows Update
19-11-2015 19:35:52 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-02-08 20:54 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05AD421F-C80F-4099-8B22-3CB907C122EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {0C524683-4352-4F7A-975D-3065B8D40122} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1E06C527-0826-4E83-83A0-EB2FEAFFFB98} - System32\Tasks\Lenovo\Lenovo-10516 => C:\ProgramData\Lenovo-10516.vbs [2013-05-30] ()
Task: {2AAEEB7D-BFB0-46AF-A5FE-51C74D54333D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {55EE8601-9FC8-4160-92BE-437509DF4D4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5EB92DA3-01BD-4358-9DB9-8574E6DCCC00} - System32\Tasks\Lenovo\Lenovo-10562 => C:\ProgramData\Lenovo-10562.vbs [2013-05-30] ()
Task: {A7F8C194-7803-4B15-A498-12C8943C360C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CCD4FD81-4E9D-4726-8C2D-0B72588DF857} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {CEEF6B53-6672-42EF-A02E-DF2AC1DD1155} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {E5D67E78-72D2-44B2-A00F-BA1B84A77272} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8AA04A6-12F4-4FDE-9E28-10252D1D9C13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-20 17:11 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 03:53 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 01739776 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
2013-05-30 02:52 - 2011-05-12 02:29 - 00045056 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsComm.dll
2013-05-30 02:52 - 2011-05-16 20:28 - 00110592 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsUtil.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 00044544 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDrv.dll
2013-05-30 02:52 - 2011-04-19 00:49 - 00038400 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsHooks.dll
2015-10-19 05:41 - 2015-10-19 05:41 - 00472064 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\SugarSyncWin8.Agent\35690532c713020ea1ad4d897f61a31b\SugarSyncWin8.Agent.ni.dll
2015-08-06 14:28 - 2015-08-06 14:28 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\f1407bb1d381cf5dee299c4e5f0fdf9d\Windows.ApplicationModel.ni.dll
2015-10-19 05:42 - 2015-10-19 05:42 - 00099328 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\fb357b0ef59cff36c07e6a8449a54219\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\5ab6059d1e922dc371685c5207f6f7a6\Windows.System.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\eea3e743a58cb4d556fe113d6336020b\Windows.Storage.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll
2015-10-19 05:42 - 2015-10-19 05:42 - 01182720 _____ () C:\Users\wendy\AppData\Local\Packages\c59ad0af.lenovocloudstoragebysugarsync_m3tnjedffpfhj\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um9106121c#\a6b2cea6e8c85aa2234f27310f700efe\nVentive.Umbrella.Web.WinRT.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll
2015-08-06 14:29 - 2015-08-06 14:29 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-30 02:51 - 2012-10-22 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-11-13 00:49 - 2015-11-06 22:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 00:49 - 2015-11-06 22:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wendy\Pictures\dolphin bible verse case.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "DrvInst"
HKLM\...\StartupApproved\Run32: => "Lenovo Dynamic Brightness System"
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\StartupApproved\Run: => "ooVoo.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2521E100-6378-466D-A3E9-03DA1DC9693A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{06E1E97B-0589-4C0E-B04F-5E3D3B4C66DF}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{55043391-B0A0-405B-91FA-716FAE7E1DD8}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{BE34D85F-A9A5-4056-B6C5-0E378F4D1D87}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A74E9B37-3A1F-4A05-AB52-4FDAE0B15CD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED6061F6-36F6-426E-BE30-56B80B0B70ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF98A85-B6E3-4896-99B3-EC310C605694}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98DF14ED-2F06-4724-960E-817979C0E238}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B47F3BE-F48B-4D24-BC63-FB25836C5B67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C192BB8-767D-4A3C-9B26-B5CFE06E16AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DA6EC777-2FEE-4407-84CA-18B5D320FD07}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F980D3A9-1DD8-4CE9-87BF-CE3EDF405C0C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7890ED8B-E2E3-42B9-ABBE-D874DE53415A}] => (Allow) C:\Users\wendy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{E1796A64-F379-4856-ACA9-6472936E9D17}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{94A310E6-2F3E-4DD9-A9EF-C31A6AD679CB}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63B6F2A0-BB43-4ACF-90D7-6E7E44778EA5}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98A636F4-3969-4C43-BEC1-59FB55EBEEA8}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3860B4D3-55E0-4621-A3F0-12EFDF1108D3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{921A7E5E-6B54-4573-9D8D-DAECCC689FF2}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{2ECBBCDF-4D22-46A0-B277-2A9C4237CABF}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{00DA4837-027D-4AE2-8228-3E003A674A1D}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{11C18B54-5915-4404-B1FF-49433EFCB301}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{33B69A5E-A656-4206-B015-490571C132CB}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{3635C314-2391-4EC4-9FED-ABC5F6C221C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: Database recovery/restore failed with unexpected error -1032.
 
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/26/2015 05:10:45 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {D3E63344-B968-490C-B7F1-850E6774E3C0}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: Database recovery/restore failed with unexpected error -1032.
 
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/26/2015 05:10:35 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {96A7876E-D353-4343-A181-E817C2804D2E}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/26/2015 05:10:17 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: Database recovery/restore failed with unexpected error -1032.
 
Error: (11/26/2015 05:10:16 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/26/2015 05:10:15 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1596) {1AE6156D-B45A-43D6-B018-DF8EE21E1E73}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/26/2015 05:10:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1596) {A5516E34-0798-41F8-A475-3F22483089FF}: Database recovery/restore failed with unexpected error -1032.
 
 
System errors:
=============
Error: (11/26/2015 04:17:43 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.
 
Error: (11/26/2015 03:51:56 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.254.3 with the system
having network hardware address 90-8D-6C-1A-1D-58. Network operations on this system may
be disrupted as a result.
 
Error: (11/26/2015 02:41:50 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:48 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/26/2015 02:41:43 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (11/19/2015 07:38:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows8_OS.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
 
CodeIntegrity:
===================================
  Date: 2015-11-26 17:01:46.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 17:01:46.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-10 18:54:40.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-10 18:54:40.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-23 17:26:31.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-23 17:26:31.395
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-05 14:06:52.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 13:17:16.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-09 23:18:50.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-09 23:18:50.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3984.59 MB
Available physical RAM: 2451.39 MB
Total Virtual: 10128.59 MB
Available Virtual: 7876.68 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:850.95 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C5EF4566)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Download the enclosed fixlist.txt file (attached). Save it in the location where FRST64 is. Run FRST64 and click on the Fix button. Wait until finished.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log


#3
NatiePotatie

    Member

  • Topic Starter
  • 20 posts
Hi zep516, I am still working on this. I apologize for taking so long to get back to you, I have been very busy these last few days.

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Take your time, no hurry. Post when you can :)

#5
NatiePotatie

    Member

  • Topic Starter
  • 20 posts
Thank you very much, zep! I will be getting back to you today finally! It's been a busy week.

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome!

#7
NatiePotatie

    Member

  • Topic Starter
  • 20 posts

Hi zep! Here are my logs. Thanks!

 

I am also getting some strange errors such as:

 

You need administrator permission to delete this file/rename this file.
 
Can not find script file "C:\ProgramData\Lenovo-10516.vbs".
 
Can not find script file "C:\ProgramData\Lenovo-10562.vbs".

It's strange, because I AM the administrator on this computer, so it doesn't make any sense. As far as the script errors go, I am not sure at all.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by wendy (2015-12-06 18:19:34) Run:1
Running from C:\Users\wendy\Desktop
Loaded Profiles: wendy (Available Profiles: wendy & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
 
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\Lenovo-10516.vbs
C:\ProgramData\Lenovo-10562.vbs
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {5D0E24A2-78F5-4645-B9D9-9472D9AE6CB7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131042,19890,0,25,0
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> {D4929332-219D-4437-8AAA-4F95180CB5A3} URL = 
Toolbar: HKU\S-1-5-21-2186271191-3458891878-1518541264-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\Lenovo-10516.vbs => moved successfully
C:\ProgramData\Lenovo-10562.vbs => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Classes\exefile" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDrives => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\Wow6432Node\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D0E24A2-78F5-4645-B9D9-9472D9AE6CB7}" => key removed successfully
HKCR\CLSID\{5D0E24A2-78F5-4645-B9D9-9472D9AE6CB7} => key not found. 
"HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
"HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4929332-219D-4437-8AAA-4F95180CB5A3}" => key removed successfully
HKCR\CLSID\{D4929332-219D-4437-8AAA-4F95180CB5A3} => key not found. 
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {090C3CE0-3BD2-4495-90FA-F2D6CA65E004}.
{94C1F534-F8E6-4C3E-9EAD-7EE4FDA4CD67} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 8.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:35:38 ====
 
 
# AdwCleaner v5.023 - Logfile created 06/12/2015 at 18:48:35
# Updated 30/11/2015 by Xplode
# Database : 2015-12-06.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : wendy - SCHILLINGPC
# Running from : C:\Users\wendy\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
 
***** [ Web browsers ] *****
 
[-] [C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : amazon.com
[-] [C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : vosteran.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1549 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by wendy (Administrator) on Sun 12/06/2015 at 19:21:23.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/06/2015 at 19:22:30.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 



#8
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Let's run a Malwarebytes scan.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


#9
NatiePotatie


    Member

  • Topic Starter
  • Member
  • 20 posts

Hey zep, here is my Malwarebytes scan. Should I select all of them from the list and choose to "Delete All"? Right now it just looks like they are in the quarantine. Thanks!

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/8/2015
Scan Time: 7:40 PM
Logfile: Scan1.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.09.01
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: wendy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390831
Time Elapsed: 12 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3EE56BF3-F630-4471-AADA-EB20FEBE05B8}, Quarantined, [798c940f0f7c57df4138c731d42fe719], 
 
Registry Values: 5
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3EE56BF3-F630-4471-AADA-EB20FEBE05B8}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE, Quarantined, [798c940f0f7c57df4138c731d42fe719]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2521E100-6378-466D-A3E9-03DA1DC9693A}, v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [29dcecb75b3045f109defaf8b94a659b]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{06E1E97B-0589-4C0E-B04F-5E3D3B4C66DF}, v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [e223b3f0088323138a5df7fbff04bb45]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{55043391-B0A0-405B-91FA-716FAE7E1DD8}, v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [a461dac93f4c5cdacb1cc32f48bb26da]
PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{BE34D85F-A9A5-4056-B6C5-0E378F4D1D87}, v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, Quarantined, [2fd66f348407e94d54934ea45ca735cb]
 
Registry Data: 1
PUP.Optional.Fiber.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:/PROGRA~3/{AE9F4~1/190~1.1/lefa.dll C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL, Good: (), Bad: (C:/PROGRA~3/{AE9F4~1/190~1.1/lefa.dll),Replaced,[7a8b6f341576d85e37d5cbd6c83ab14f]
 
Folders: 7
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive\CH, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive\CH\wendy, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive\CH\wendy\Default, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
 
Files: 9
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\fiber.js, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\dExtent, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\extent, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\hdat1, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\hdat2, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\lefa.dll, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\sqlite3.dll, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive\CH\wendy\Default\Preferences, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
PUP.Optional.Fiber.AppFlsh, C:\ProgramData\{AE9F465C-FE1D-97DA-4F9B-E7589F1934D6}\1.9.0.1\data\archive\CH\wendy\Default\Secure Preferences, Quarantined, [7a8b6f341576d85e37d5cbd6c83ab14f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Delete all,

Then

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.



#11
NatiePotatie


    Member

  • Topic Starter
  • Member
  • 20 posts

Here are both of the scans, sir! Thanks again for your assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by wendy (administrator) on SCHILLINGPC (08-12-2015 21:17:23)
Running from C:\Users\wendy\Desktop
Loaded Profiles: wendy (Available Profiles: wendy & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TPV-INVENTA TECHNOLOGY CO., LTD.) C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
(TPV-INVENTA TECHNOLOGY CO., LTD) C:\Program Files (x86)\TNIOSDVolumeSync\TNIOSDVolumeSync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-18] (Primax Electronics Ltd.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DrvInst] => C:\Program Files (x86)\Lenovo\Driver & Application Auto-installation\Bpd.exe [515928 2012-09-03] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{0018BDE0-5E87-4C03-8A85-B6D7735A0827}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{317EE491-2A17-4357-B336-03ACF68E5CFC}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Google Search) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (No Name) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]
CHR Extension: (Gmail) - C:\Users\wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-11-30] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-30] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-29] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LEMo602D; C:\Windows\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
R3 LEub602D; C:\Windows\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-08-21] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-08 21:17 - 2015-12-08 21:17 - 00015188 _____ C:\Users\wendy\Desktop\FRST.txt
2015-12-08 20:06 - 2015-12-08 21:13 - 00000342 _____ C:\Users\wendy\Desktop\Scan1.txt
2015-12-06 20:13 - 2015-12-06 20:13 - 00003880 _____ C:\WINDOWS\System32\Tasks\Wake up for Joe
2015-12-06 19:44 - 2015-12-06 19:44 - 04855608 _____ (LogMeIn, Inc.) C:\Users\wendy\Downloads\LogMeIn Client.exe
2015-12-06 19:40 - 2015-12-08 19:56 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-12-06 19:40 - 2015-12-06 19:40 - 00000000 ____D C:\Users\wendy\AppData\Local\LogMeIn
2015-12-06 19:40 - 2015-11-30 15:07 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-12-06 19:40 - 2015-11-30 15:07 - 00035328 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-12-06 19:40 - 2015-06-15 08:14 - 00072216 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2015-12-06 19:39 - 2015-12-08 20:27 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-06 19:39 - 2015-12-06 19:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-12-06 19:39 - 2015-12-06 19:39 - 00001024 _____ C:\.rnd
2015-12-06 19:39 - 2015-12-06 19:39 - 00000927 _____ C:\Users\wendy\Desktop\Downloads - Shortcut.lnk
2015-12-06 19:39 - 2015-11-30 15:07 - 00107008 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-12-06 19:33 - 2015-12-06 19:35 - 25841664 _____ C:\Users\wendy\Downloads\LogMeIn.msi
2015-12-06 19:17 - 2015-12-06 19:45 - 00000251 _____ C:\Users\wendy\Desktop\Weird Errors.txt
2015-12-06 18:42 - 2015-12-06 18:42 - 00000000 _____ C:\Users\wendy\AppData\Local\{6059F42B-50F6-4AD1-BECF-CC75A19A27B6}
2015-12-06 18:15 - 2015-12-06 18:15 - 01599336 _____ (Malwarebytes) C:\Users\wendy\Desktop\JRT.exe
2015-12-06 18:14 - 2015-12-06 18:15 - 01736704 _____ C:\Users\wendy\Desktop\adwcleaner_5.023.exe
2015-12-04 20:52 - 2015-12-04 20:52 - 00000000 _____ C:\Users\wendy\AppData\Local\{334BACF1-E3FF-4022-A404-BFACCA8F755D}
2015-12-02 13:47 - 2015-12-02 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{89E124A2-1892-4F50-945C-F58CB78FEBDA}
2015-11-30 15:00 - 2015-11-30 15:00 - 00035616 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2015-11-30 15:00 - 2015-11-30 15:00 - 00014624 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2015-11-30 15:00 - 2015-11-30 15:00 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys
2015-11-30 13:47 - 2015-11-30 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{3FB72E6D-1EC5-4017-B94E-6CCC98D95B05}
2015-11-29 20:36 - 2015-11-29 20:37 - 01733632 _____ C:\Users\wendy\Downloads\adwcleaner_5.022.exe
2015-11-29 20:26 - 2015-12-06 18:18 - 00000000 ____D C:\Users\wendy\Desktop\FRST-OlderVersion
2015-11-26 20:06 - 2015-11-26 20:07 - 00000289 _____ C:\Users\wendy\Desktop\For Wendy.txt
2015-11-26 17:02 - 2015-12-08 21:17 - 00000000 ____D C:\FRST
2015-11-26 17:00 - 2015-12-06 18:18 - 02369024 _____ (Farbar) C:\Users\wendy\Desktop\FRST64.exe
2015-11-24 13:47 - 2015-11-24 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-11-13 13:47 - 2015-11-13 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-11-11 13:47 - 2015-11-11 13:47 - 00000000 _____ C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-11-11 06:52 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:52 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:52 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 06:52 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:52 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 06:52 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 06:52 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:52 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 06:52 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 06:52 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 06:52 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 06:52 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 06:52 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:52 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 06:52 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 06:52 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:52 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 06:52 - 2015-09-12 07:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:36 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:36 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:36 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:36 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:36 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:36 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:36 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:36 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:36 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:36 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-09-29 06:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:35 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-10 19:35 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-10 19:30 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:30 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:30 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:30 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:30 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:30 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:30 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:30 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:29 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:29 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:29 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:29 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:29 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:29 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 19:29 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-08 08:40 - 2015-11-08 08:40 - 00075838 _____ C:\Users\wendy\Downloads\Lego Friends Rescue Base.jfif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-08 21:15 - 2014-08-31 17:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-08 21:12 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-08 20:52 - 2014-07-28 16:28 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-08 20:47 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-08 20:45 - 2013-10-27 19:07 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2015-12-08 20:01 - 2013-09-29 22:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-08 20:01 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-08 19:59 - 2013-10-19 17:02 - 00000000 __RDO C:\Users\wendy\SkyDrive
2015-12-08 19:56 - 2014-08-31 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-08 19:56 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-08 19:37 - 2014-08-31 17:38 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-08 19:37 - 2014-08-31 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-08 16:09 - 2013-10-19 17:04 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23A68A7E-00C5-433E-85A2-71EC8D7C75FD}
2015-12-06 18:48 - 2015-04-12 19:58 - 00000000 ____D C:\AdwCleaner
2015-12-06 18:48 - 2013-08-22 07:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 18:42 - 2013-10-19 16:59 - 00000008 __RSH C:\Users\wendy\ntuser.pol
2015-12-06 18:42 - 2013-10-19 14:01 - 00000000 ____D C:\Users\wendy
2015-12-06 18:20 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-06 18:20 - 2013-08-01 12:41 - 00000000 ____D C:\Users\wendy\AppData\LocalLow\Temp
2015-12-06 18:20 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-06 17:56 - 2014-07-28 16:35 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-04 20:47 - 2014-07-28 16:28 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 20:47 - 2014-07-28 16:28 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 20:47 - 2014-07-28 16:28 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 14:12 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 10:39 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-28 10:38 - 2014-01-11 17:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-26 17:10 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-11-26 15:46 - 2014-07-27 19:32 - 00000000 ____D C:\Users\wendy\AppData\Local\ElevatedDiagnostics
2015-11-19 19:37 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-19 18:40 - 2013-08-22 08:44 - 00371720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-19 18:37 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 12:50 - 2013-08-17 01:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 12:37 - 2013-07-24 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2013-08-08 14:08 - 2013-08-08 14:08 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-09 18:27 - 2013-12-09 18:27 - 0000288 _____ () C:\Users\wendy\AppData\Roaming\.backup.dm
2013-10-18 12:00 - 2013-06-27 09:36 - 0192512 ____H () C:\Users\wendy\AppData\Local\common_functions.dll
2013-06-27 09:36 - 2013-06-27 09:36 - 0114688 ____H () C:\Users\wendy\AppData\Local\ie_runner_app.exe
2013-10-18 12:00 - 2012-06-26 04:59 - 0940544 ____H (Apache Software Foundation) C:\Users\wendy\AppData\Local\log4cxx.dll
2015-07-14 06:29 - 2015-07-14 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{069E3ED4-8CDC-400C-BC88-B5BCFF252151}
2015-06-20 17:41 - 2015-06-20 17:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{110F9870-4E2F-4B59-A7FF-8EDD6C9D2317}
2015-11-01 13:47 - 2015-11-01 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{15135D05-20BE-4E7C-B82D-1DC0E37F554F}
2015-10-06 12:47 - 2015-10-06 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1B9E8D18-5B0C-4C01-8A23-3B5C304C03B6}
2015-04-20 17:45 - 2015-04-20 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1DDA70ED-3574-420E-B7AA-C4FA391F7DFC}
2015-06-24 06:29 - 2015-06-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{1FEC92C0-8E5D-4A7E-90AF-AD40D5236C78}
2015-06-26 06:29 - 2015-06-26 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{2D8D0F3D-D8BE-43A5-AD5D-58EF912469EC}
2015-12-04 20:52 - 2015-12-04 20:52 - 0000000 _____ () C:\Users\wendy\AppData\Local\{334BACF1-E3FF-4022-A404-BFACCA8F755D}
2015-11-07 16:08 - 2015-11-07 16:08 - 0000000 _____ () C:\Users\wendy\AppData\Local\{3441B966-1E30-424F-9056-4B59D883B2B3}
2015-10-30 12:47 - 2015-10-30 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38C9BF8B-1E54-4BCA-BA19-DC73F09BE67A}
2015-08-01 00:35 - 2015-08-01 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{38E649A8-C06A-45B7-B14A-01034C9B4543}
2015-11-30 13:47 - 2015-11-30 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{3FB72E6D-1EC5-4017-B94E-6CCC98D95B05}
2015-08-22 00:35 - 2015-08-22 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{430B5E45-FBBA-4F9E-9F3A-1ADAF7654337}
2015-08-29 20:41 - 2015-08-29 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{4BD56954-D807-4844-9F86-2D4CA4555C07}
2015-12-06 18:42 - 2015-12-06 18:42 - 0000000 _____ () C:\Users\wendy\AppData\Local\{6059F42B-50F6-4AD1-BECF-CC75A19A27B6}
2015-07-18 15:18 - 2015-07-18 15:18 - 0000000 _____ () C:\Users\wendy\AppData\Local\{624B602E-6D26-4AF6-BD82-B393703CB7AB}
2015-10-13 06:03 - 2015-10-13 06:03 - 0000000 _____ () C:\Users\wendy\AppData\Local\{6B8CC477-7FC3-4E5C-A9C7-1C4194BE3FAA}
2015-10-24 12:47 - 2015-10-24 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{722561CA-DFC4-4CB4-BE31-08A468563E9A}
2015-11-13 13:47 - 2015-11-13 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{764904D7-1D10-4848-9E97-0AAF12403B4B}
2015-06-28 06:29 - 2015-06-28 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{78886CB7-6662-4BF6-9BB6-C0BC2C75E15A}
2015-04-22 17:45 - 2015-04-22 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7A2405BA-B6C9-467D-A1B4-A10896706AD3}
2015-06-15 06:29 - 2015-06-15 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{7B290F10-B94B-44EE-86A7-973FE33C0128}
2015-09-06 20:41 - 2015-09-06 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83720732-A486-42BB-B2B1-4A04A1631D2B}
2015-11-24 13:47 - 2015-11-24 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{83DFAAB6-6C02-4D73-A512-724875F22790}
2015-11-18 13:47 - 2015-11-18 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8763BCCB-ECAA-4B7B-A5E0-EB4DE4BE6219}
2015-12-02 13:47 - 2015-12-02 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{89E124A2-1892-4F50-945C-F58CB78FEBDA}
2015-11-11 13:47 - 2015-11-11 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{8A565DBB-41DA-4A63-AFAF-5B97031D7796}
2015-04-21 17:45 - 2015-04-21 17:45 - 0000000 _____ () C:\Users\wendy\AppData\Local\{94296B03-C699-4E5C-AF6F-DD88EE5A6521}
2015-06-22 06:29 - 2015-06-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A500015C-CDCB-4A7D-BC16-AB13211F0392}
2015-09-11 20:41 - 2015-09-11 20:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{A5C22D0B-5D8E-4022-B7EB-C75436967C39}
2015-06-17 06:29 - 2015-06-17 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD1B6D5D-B922-44D6-9AF8-AE8D021B55AC}
2015-08-26 17:00 - 2015-08-26 17:00 - 0000000 _____ () C:\Users\wendy\AppData\Local\{AD3753E3-96B0-4874-B7E5-906E15A2B8D3}
2015-06-25 06:29 - 2015-06-25 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B07F0F2B-8ED7-4959-A933-15BDA63ADD5D}
2015-07-23 00:35 - 2015-07-23 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B0FB6489-F2C1-4D7C-A16B-2FCA7DB996A9}
2015-07-16 00:35 - 2015-07-16 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B2048CBC-8B2C-4F3E-8F92-0057B099EF25}
2015-07-17 00:35 - 2015-07-17 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B7B80A39-180E-4BCF-8AEF-C5DA856A5386}
2015-11-06 13:47 - 2015-11-06 13:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{B9ABF72C-2B8C-4466-A32B-DF20134AED24}
2015-07-09 06:29 - 2015-07-09 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BB179260-8E99-454F-9785-8FB46993E6DB}
2015-09-29 12:47 - 2015-09-29 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{BC9F1C3E-A4B4-4C00-B0BF-84B3317C2738}
2015-09-22 18:41 - 2015-09-22 18:41 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C26632A8-32C3-40A2-91A0-33A0DEFA0239}
2015-07-30 00:35 - 2015-07-30 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{C5CB08E3-9549-4972-8EA5-F65736FEE0F6}
2015-09-20 12:47 - 2015-09-20 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D1CD6D91-06F9-4F2B-879E-370CA19BEC93}
2015-10-27 12:47 - 2015-10-27 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D2122FB7-DB86-492E-A19E-3581B5FB5A04}
2015-10-28 12:47 - 2015-10-28 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D36816FC-F195-460C-ABCB-7BCE12DF09C1}
2015-07-11 06:29 - 2015-07-11 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{D75A69AF-DA36-40B3-AE04-72A0ADA1BBE0}
2015-07-26 00:35 - 2015-07-26 00:35 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DB9B9209-E11B-4B21-9C7B-CDFEA77FF65C}
2015-05-24 06:29 - 2015-05-24 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEB9E28D-F9E3-49C2-B604-79474D14CB51}
2015-07-05 20:52 - 2015-07-05 20:52 - 0000000 _____ () C:\Users\wendy\AppData\Local\{DEC8628E-5F1E-46B3-A1A2-D0C2E5363623}
2015-07-13 06:29 - 2015-07-13 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E171084E-4FA7-4443-AE0B-9E9BB0E78E71}
2015-05-22 06:29 - 2015-05-22 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E44E9E29-9DC5-4383-8DEC-AC5785CCD3AD}
2015-10-08 12:47 - 2015-10-08 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E638D5D6-13DC-4025-915D-6476D561236B}
2015-08-06 13:40 - 2015-08-06 13:40 - 0000000 _____ () C:\Users\wendy\AppData\Local\{E6BD08D1-7655-4E53-B4AE-84300A6553FF}
2015-09-17 12:47 - 2015-09-17 12:47 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F1A3865B-DDDB-4416-9B8D-FF0C2FD6F351}
2015-09-10 06:09 - 2015-09-10 06:09 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F550ADF8-0A25-4C29-A443-496EBB56CEDC}
2015-11-03 18:10 - 2015-11-03 18:10 - 0000000 _____ () C:\Users\wendy\AppData\Local\{F70007E8-BA19-4D78-985C-B5A7C5A25A6C}
2015-06-29 06:29 - 2015-06-29 06:29 - 0000000 _____ () C:\Users\wendy\AppData\Local\{FD76CF26-49A6-4328-AECA-104A67C1D980}
2013-05-30 02:51 - 2013-05-30 02:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\wendy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-06 19:00
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by wendy (2015-12-08 21:18:01)
Running from C:\Users\wendy\Desktop
Windows 8.1 (X64) (2013-10-19 22:59:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2186271191-3458891878-1518541264-500 - Administrator - Disabled)
Guest (S-1-5-21-2186271191-3458891878-1518541264-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2186271191-3458891878-1518541264-1005 - Limited - Enabled)
wendy (S-1-5-21-2186271191-3458891878-1518541264-1001 - Administrator - Enabled) => C:\Users\wendy
zschi_000 (S-1-5-21-2186271191-3458891878-1518541264-1006 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.8 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
LogMeIn (HKLM-x32\...\{921037F5-CCA7-4FC5-83AF-42CC0AF14316}) (Version: 4.1.6524 - LogMeIn, Inc.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
ScummVM 1.2.1 (HKLM-x32\...\ScummVM_is1) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TNIOSDVolumeSync (x32 Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
VNC Server 5.2.1 (HKLM\...\{6B624E00-364E-4F07-9768-BFEF08692CB0}) (Version: 5.2.1 - RealVNC Ltd)
VNC Viewer 5.2.1 (HKLM\...\{F5572534-DC0E-428B-A24B-C9D312C63359}) (Version: 5.2.1 - RealVNC Ltd)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
19-11-2015 19:35:52 Scheduled Checkpoint
30-11-2015 13:44:56 Scheduled Checkpoint
06-12-2015 18:19:39 Restore Point Created by FRST
06-12-2015 19:21:25 JRT Pre-Junkware Removal
06-12-2015 19:38:25 Installed LogMeIn
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-12-06 18:20 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C524683-4352-4F7A-975D-3065B8D40122} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1BEBF026-FCA8-4E04-861B-C140E33B7916} - System32\Tasks\Wake up for Joe => Chrome.exe 
Task: {1E06C527-0826-4E83-83A0-EB2FEAFFFB98} - System32\Tasks\Lenovo\Lenovo-10516 => C:\ProgramData\Lenovo-10516.vbs
Task: {55EE8601-9FC8-4160-92BE-437509DF4D4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5EB92DA3-01BD-4358-9DB9-8574E6DCCC00} - System32\Tasks\Lenovo\Lenovo-10562 => C:\ProgramData\Lenovo-10562.vbs
Task: {647E3301-2D0A-4E04-A104-84599337671C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {A7F8C194-7803-4B15-A498-12C8943C360C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CCD4FD81-4E9D-4726-8C2D-0B72588DF857} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {DCDA5150-9CAA-452F-992A-FC4F1B098135} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {DD27C63E-5257-4D70-BB4A-55E18878EC58} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {E5D67E78-72D2-44B2-A00F-BA1B84A77272} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8AA04A6-12F4-4FDE-9E28-10252D1D9C13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-20 17:11 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 03:53 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 01739776 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDaemon.exe
2013-05-30 02:52 - 2011-05-12 02:29 - 00045056 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsComm.dll
2013-05-30 02:52 - 2011-05-16 20:28 - 00110592 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsUtil.dll
2013-05-30 02:52 - 2011-04-19 00:50 - 00044544 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsDrv.dll
2013-05-30 02:52 - 2011-04-19 00:49 - 00038400 ____N () C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\LsHooks.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-30 02:51 - 2012-10-22 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wendy\Pictures\dolphin bible verse case.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "DrvInst"
HKLM\...\StartupApproved\Run32: => "Lenovo Dynamic Brightness System"
HKU\S-1-5-21-2186271191-3458891878-1518541264-1001\...\StartupApproved\Run: => "ooVoo.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A74E9B37-3A1F-4A05-AB52-4FDAE0B15CD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED6061F6-36F6-426E-BE30-56B80B0B70ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADF98A85-B6E3-4896-99B3-EC310C605694}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{98DF14ED-2F06-4724-960E-817979C0E238}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B47F3BE-F48B-4D24-BC63-FB25836C5B67}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4C192BB8-767D-4A3C-9B26-B5CFE06E16AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DA6EC777-2FEE-4407-84CA-18B5D320FD07}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F980D3A9-1DD8-4CE9-87BF-CE3EDF405C0C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7890ED8B-E2E3-42B9-ABBE-D874DE53415A}] => (Allow) C:\Users\wendy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{E1796A64-F379-4856-ACA9-6472936E9D17}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{94A310E6-2F3E-4DD9-A9EF-C31A6AD679CB}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63B6F2A0-BB43-4ACF-90D7-6E7E44778EA5}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98A636F4-3969-4C43-BEC1-59FB55EBEEA8}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3860B4D3-55E0-4621-A3F0-12EFDF1108D3}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{921A7E5E-6B54-4573-9D8D-DAECCC689FF2}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{2ECBBCDF-4D22-46A0-B277-2A9C4237CABF}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{00DA4837-027D-4AE2-8228-3E003A674A1D}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{11C18B54-5915-4404-B1FF-49433EFCB301}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{33B69A5E-A656-4206-B015-490571C132CB}] => (Allow) C:\Program Files (x86)\ace race\bin\acerace.BRT.Helper.exe
FirewallRules: [{2952BC9B-BEFD-42FB-A7A9-3AF926A39968}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2015 09:18:20 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1016) {98034A60-5BB3-437F-9208-CECEC063C420}: Database recovery/restore failed with unexpected error -1032.
 
Error: (12/08/2015 09:18:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1016) {98034A60-5BB3-437F-9208-CECEC063C420}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/08/2015 09:18:20 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1016) {98034A60-5BB3-437F-9208-CECEC063C420}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/08/2015 09:18:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1016) {A1CE1D65-1E8A-4F82-9B2D-FCB11859EA70}: Database recovery/restore failed with unexpected error -1032.
 
Error: (12/08/2015 09:18:10 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1016) {A1CE1D65-1E8A-4F82-9B2D-FCB11859EA70}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/08/2015 09:18:10 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1016) {A1CE1D65-1E8A-4F82-9B2D-FCB11859EA70}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/08/2015 09:18:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1016) {35702251-7A7D-40F2-AD15-87F1DA1AF2A6}: Database recovery/restore failed with unexpected error -1032.
 
Error: (12/08/2015 09:18:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1016) {35702251-7A7D-40F2-AD15-87F1DA1AF2A6}: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/08/2015 09:18:00 PM) (Source: ESENT) (EventID: 486) (User: )
Description: SettingSyncHost (1016) {35702251-7A7D-40F2-AD15-87F1DA1AF2A6}: An attempt to move the file "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" to "C:\Users\wendy\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00F15.log" failed with system error 5 (0x00000005): "Access is denied. ".  The move file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/08/2015 09:17:50 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (1016) {3DE1C2D0-AFB5-4932-BA16-C720505C8FA0}: Database recovery/restore failed with unexpected error -1032.
 
 
System errors:
=============
Error: (12/07/2015 08:23:08 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.254.5 with the system
having network hardware address 90-8D-6C-1A-1D-58. Network operations on this system may
be disrupted as a result.
 
Error: (12/06/2015 06:48:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/06/2015 06:48:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/06/2015 06:48:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/06/2015 06:48:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-12-06 18:16:34.832
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-06 18:16:34.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-29 20:38:43.698
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-29 20:38:43.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 17:01:46.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 17:01:46.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-10 18:54:40.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-10 18:54:40.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-23 17:26:31.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-23 17:26:31.395
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3984.59 MB
Available physical RAM: 2290.63 MB
Total Virtual: 10128.59 MB
Available Virtual: 8483.31 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:849.03 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C5EF4566)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

#12
NatiePotatie


    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hey zep, just checking up with you. Haven't heard from you in a while. Maybe my prompt response threw you off ;). I noticed that my computer just had an update and it had to restart. However, now there is something called Vosteran Search that comes up when I start Chrome. Also, I'm still getting those *.vbs errors randomly on my machine.

 

Thanks!


  • 0

#13
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Sorry for the delay, I'll be with you shortly.
  • 0

#14
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hello,

 

Very sorry for the delay here; I was called in for work over the weekend.

 

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Task: {1E06C527-0826-4E83-83A0-EB2FEAFFFB98} - System32\Tasks\Lenovo\Lenovo-10516 => C:\ProgramData\Lenovo-10516.vbs
Task: {5EB92DA3-01BD-4358-9DB9-8574E6DCCC00} - System32\Tasks\Lenovo\Lenovo-10562 => C:\ProgramData\Lenovo-10562.vbs
C:\ProgramData\Lenovo-10516.vbs
C:\ProgramData\Lenovo-10562.vbs
Emptytemp:

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

 

Next reset Chrome

 

How to reset Chrome browser settings:

1. In the top-right corner of the browser window, click the Chrome menu.
2. Select Settings.
3. At the bottom, click Show advanced settings.
4. Under the section "Reset settings," click Reset settings.
5. In the dialog that appears, click Reset.

 

Let me know how things are.

 

Joe


  • 0
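The fixlist in the post above removes two scheduled tasks that launch .vbs files from C:\ProgramData. As an added example (not part of the original posts, and not how FRST or the helper selects entries), this Python script parses FRST "Task:" lines copied from the log in this thread and ranks them for manual review; the three heuristics, the extension list and the path markers are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# "Task:" lines copied from the FRST Addition.txt log in this thread.
SAMPLE_TASK_LINES = r"""
Task: {0C524683-4352-4F7A-975D-3065B8D40122} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1BEBF026-FCA8-4E04-861B-C140E33B7916} - System32\Tasks\Wake up for Joe => Chrome.exe
Task: {1E06C527-0826-4E83-83A0-EB2FEAFFFB98} - System32\Tasks\Lenovo\Lenovo-10516 => C:\ProgramData\Lenovo-10516.vbs
Task: {5EB92DA3-01BD-4358-9DB9-8574E6DCCC00} - System32\Tasks\Lenovo\Lenovo-10562 => C:\ProgramData\Lenovo-10562.vbs
Task: {CCD4FD81-4E9D-4726-8C2D-0B72588DF857} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# Layout: Task: {GUID} - <task path> => <target> [file date] (company)
# The trailing "[date] (company)" pair is optional, as seen in the log above.
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?\s*$"
)

# Assumption of this example: script-host file types worth a second look.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1"}
# Assumption of this example: folders a standard user can usually write to.
WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_task(line):
    """Return the fields of a GUID-style Task: line, or None for anything else
    (section headers, blank lines, legacy .job entries)."""
    match = TASK_RE.match(line.strip())
    return match.groupdict() if match else None


def triage(entry):
    """List the review heuristics that a parsed task entry trips."""
    reasons = []
    target = entry["target"]
    ext = PureWindowsPath(target).suffix.lower()
    if ext in SCRIPT_EXTS:
        reasons.append(f"script target ({ext})")
    if any(marker in target.lower() for marker in WRITABLE_MARKERS):
        reasons.append("user-writable location")
    if entry["date"] is None:
        reasons.append("no file date/company on the line")
    return reasons


def review(log_text, min_reasons=2):
    """Return tasks that trip at least min_reasons heuristics, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_task(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if len(reasons) >= min_reasons:
            hits.append({"task": entry["task"],
                         "target": entry["target"],
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in review(SAMPLE_TASK_LINES):
        print(f'{hit["task"]} => {hit["target"]}: {"; ".join(hit["reasons"])}')
```

On these lines only the two Lenovo-105xx tasks trip all three heuristics; the "Wake up for Joe" task trips one and stays below the threshold.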

#15
NatiePotatie


    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

No problem. Thanks again for the assistance, zep. I will be running the scans tonight and let you know how the computer is acting in a few days :).

 

Thanks,

Nate


  • 0





