Author Topic: [Resolved - K] Pop Ups  (Read 7483 times)

Offline zbestwun2001

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 48
[Resolved - K] Pop Ups
« on: February 06, 2015, 11:02:31 AM »
Hey guys and girls,
I've been getting pop ups .... there is something in my registry... It's vostrun (sic)  that won't go away.
http://img.photobucket.com/albums/v204/zbestwun2001/Album%20two/Untitledaass_zps5nop81hu.jpg


Here is one of the pages it gives me
http://img.photobucket.com/albums/v204/zbestwun2001/zbestwun2001012/10506629_10153096744351660_2803582517283034555_o_zpsyirwh3te.jpg


Using Windows 8.1
Thanks for the help.....
« Last Edit: February 09, 2015, 11:30:58 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #1 on: February 06, 2015, 11:09:29 AM »
Hello and welcome to SpywareHammer,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Run the following scans and post the produced logs:

Step 1

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Step 2

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thank you,

Kevin...

Offline zbestwun2001

Re: [Resolved - K] Pop Ups
« Reply #2 on: February 06, 2015, 12:29:55 PM »
FUBAR LOG ONE ..... I CAN'T FIND THE SECOND LOG.
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : steve [Administrator]
Mode : Scan -- Date : 02/06/2015  10:24:25

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ymc.exe(2736) -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe[7] -> Killed [TermProc]
[Suspicious.Path] esif_assist.exe(3648) -- C:\windows\TEMP\DPTF\esif_assist.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{935F78A6-DAB9-4471-AE28-77F328C6BCBB} | DhcpNameServer : 150.201.1.3 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{935F78A6-DAB9-4471-AE28-77F328C6BCBB} | DhcpNameServer : 150.201.1.3 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : c:/progra~3/{ffab1~1/171~1.0/nite.dll   -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ej5wnmnu.default-1419193867979 : user_pref("browser.startup.homepage", "chrome://fvd.speeddial/content/fvd_about_blank.html"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEON IT L8T-256L9G +++++
--- User ---
[MBR] a59c5aa8aff5afadda806424d8265157
[BSP] 51d3119b8e68c10b2e05eb80f9c97df9 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
(TODO: <公司名>) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [604928 2014-07-14] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2014-10-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [1341720 2014-08-27] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2657048 2014-08-27] (Lenovo)
HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:/progra~3/{ffab1~1/171~1.0/nite.dll => c:/progra~3/{ffab1~1/171~1.0/nite.dll [649216 2015-01-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: Google
FF Homepage: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin HKU\S-1-5-21-2026979168-75484373-854228467-1001: LWAPlugin15.8 -> C:\Users\steve\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\steve\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\pavel.sherbakov@gmail.com [2014-12-26]
FF Extension: All-in-One Gestures - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-12-26]
FF Extension: Classic Theme Restorer - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-12-22]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\fbp@fbpurity.com.xpi [2014-12-26]
FF Extension: Ghostery - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\firefox@ghostery.com.xpi [2015-02-05]
FF Extension: NoScript - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-05]
FF Extension: Adblock Edge - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-05]

Chrome:
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (AdBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\abploloocmdpbolbighfgffiagjiddfj [2014-12-18]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Adblock Plus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-02]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2015-01-02]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-12-18]
CHR Extension: (PlantUML Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\legbfeljfbjgfifnkmpoajgpgejojooj [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (ProoShopper) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggieegkfjnibponfnjpelafgojglngpn [2015-02-05]
CHR Extension: (PlantUML Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\legbfeljfbjgfifnkmpoajgpgejojooj [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 26873248; c:\Program Files (x86)\SystemUpgrade\SystemUpgrade.dll [1552384 2015-02-04] () [File not signed]
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [977664 2014-06-03] (Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [953352 2014-06-09] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [194328 2014-10-13] (Lenovo)
R2 HarmonyPicksService; C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe [17176 2014-08-14] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [18712 2014-08-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324568 2014-07-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-07-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2495768 2014-11-04] (TODO: <公司名>)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2014-10-17] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-05] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-08-11] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2014-10-17] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2014-10-17] (Lenovo)
R2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-08-11] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-08-04] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-20] (RaMMicHaeL)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-10-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-07-25] (Lenovo)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7578328 2014-10-17] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-06-09] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [34072 2014-06-09] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-06-09] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\Drivers\Fastboot.sys [70168 2014-10-13] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [110824 2014-06-10] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-07-03] (Intel Corporation)
R3 mxtBootBridge; C:\Windows\System32\drivers\mxtBootBridge.sys [36160 2013-12-18] (Atmel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [7239384 2014-08-29] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-08-04] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-06] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 09:51 - 2015-02-06 09:51 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-02-06 09:51 - 2015-02-06 09:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 09:49 - 2015-02-06 09:51 - 15431256 _____ () C:\Users\steve\Downloads\RogueKiller.exe
2015-02-06 09:38 - 2015-02-06 09:55 - 00032087 _____ () C:\Users\steve\Downloads\Addition.txt
2015-02-06 09:37 - 2015-02-06 10:12 - 00027537 _____ () C:\Users\steve\Downloads\FRST.txt
2015-02-06 09:37 - 2015-02-06 10:12 - 00000000 ____D () C:\FRST
2015-02-06 09:36 - 2015-02-06 09:36 - 02131968 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2015-02-06 08:27 - 2015-02-06 08:28 - 02112512 _____ () C:\Users\steve\Downloads\AdwCleaner(1).exe
2015-02-06 08:24 - 2015-02-06 08:24 - 00049831 _____ () C:\Users\steve\Desktop\Steve Fischler--Fischler Artist Promotions.html
2015-02-06 08:24 - 2015-02-06 08:24 - 00000000 ____D () C:\Users\steve\Desktop\Steve Fischler--Fischler Artist Promotions_files
2015-02-05 11:07 - 2015-02-06 10:04 - 00000696 _____ () C:\windows\setupact.log
2015-02-05 11:07 - 2015-02-05 11:07 - 00000000 _____ () C:\windows\setuperr.log
2015-02-05 11:06 - 2015-02-06 10:06 - 00744761 _____ () C:\windows\WindowsUpdate.log
2015-02-05 11:06 - 2015-02-05 11:06 - 00000816 _____ () C:\windows\PFRO.log
2015-02-05 07:32 - 2015-02-05 07:32 - 00610776 _____ () C:\Users\steve\Downloads\Unconfirmed 59377.crdownload
2015-02-05 07:27 - 2015-02-05 07:27 - 00000020 _____ () C:\Users\steve\AppData\Roaming\appdataFr3.bin
2015-02-05 07:08 - 2015-02-05 07:09 - 00000000 ____D () C:\Program Files (x86)\PlantUML Viewer
2015-02-04 21:27 - 2015-02-05 10:06 - 00000000 ____D () C:\Program Files (x86)\SystemUpgrade
2015-01-31 11:47 - 2015-02-05 10:06 - 00000000 ____D () C:\windows\pss
2015-01-30 11:21 - 2015-01-30 11:21 - 00016925 _____ () C:\Users\steve\Desktop\FINAL PASSWORDSNEWEST 1.13;15.odt
2015-01-29 07:24 - 2015-01-29 07:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\2CF93191.sys
2015-01-27 07:21 - 2015-01-27 07:21 - 00016537 _____ () C:\Users\steve\Desktop\B8VAmQXCEAIbbNm.jpg large.jpeg
2015-01-27 06:48 - 2015-01-27 06:48 - 00000000 ____D () C:\Users\steve\Desktop\g
2015-01-26 19:57 - 2015-01-26 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 19:43 - 2014-06-26 08:04 - 28952538 _____ () C:\Users\steve\Downloads\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv
2015-01-25 10:08 - 2014-06-26 08:04 - 28952538 _____ () C:\Users\steve\Desktop\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv
2015-01-25 09:12 - 2015-02-06 10:05 - 00000000 ___RD () C:\Users\steve\Dropbox
2015-01-25 09:12 - 2015-02-03 14:33 - 00001040 _____ () C:\Users\steve\Desktop\Dropbox.lnk
2015-01-25 09:05 - 2015-02-05 10:06 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-25 09:03 - 2015-02-06 10:05 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2015-01-25 09:03 - 2015-01-25 09:03 - 00324136 _____ (Dropbox, Inc.) C:\Users\steve\Downloads\DropboxInstaller.exe
2015-01-23 07:48 - 2015-01-23 07:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\5C496EB7.sys
2015-01-22 16:37 - 2015-01-22 16:37 - 00001026 _____ () C:\Users\steve\Desktop\SpeedFan.lnk
2015-01-22 16:37 - 2015-01-22 16:37 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-22 16:37 - 2015-01-22 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-22 16:36 - 2015-01-22 16:37 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-22 16:36 - 2015-01-22 16:36 - 02174848 _____ () C:\Users\steve\Downloads\instsf450(1).exe
2015-01-22 16:36 - 2015-01-22 16:36 - 00000045 _____ () C:\windows\SysWOW64\initdebug.nfo
2015-01-22 16:27 - 2015-01-22 16:27 - 02174848 _____ () C:\Users\steve\Downloads\instsf450.exe
2015-01-22 07:34 - 2015-01-22 07:34 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Nitro
2015-01-21 17:40 - 2015-01-21 17:41 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(6).msi
2015-01-21 17:27 - 2015-01-21 17:28 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(5).msi
2015-01-21 17:14 - 2015-01-21 17:15 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(4).msi
2015-01-21 17:14 - 2015-01-21 17:15 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(3).msi
2015-01-21 17:13 - 2015-01-21 17:14 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(2).msi
2015-01-21 17:13 - 2015-01-21 17:14 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(1).msi
2015-01-21 17:11 - 2015-01-21 17:12 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32.msi
2015-01-19 19:04 - 2015-01-19 19:04 - 00909002 _____ () C:\Users\steve\Desktop\speeddial.sd
2015-01-19 06:44 - 2015-01-19 06:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\37B90510.sys
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Warren Zevon
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\War
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Van Morrison
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Traffic
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Tim Buckley
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\The Who
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\The Guess Who
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\T V Themes
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Stones
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\STEPPENWOLF
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Steely Dan
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Sly and the Family Stone
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Skynard
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Sheryl Crow
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Queen
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Neil Young
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Lionel Richie
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Kinks
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Kenny Loggins
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Joni Mitchell
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jimmy Buffett
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jimi Hendrix
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jefferson Airplane
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\James Taylor
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jackson Browne
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Gordon Lightfoot
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Fleetwood Mac
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eric Clapton
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eric Burdon
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\EarthWind and Fire
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eagles
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Dr John
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\David Bowie
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Crosby Stills Nash and Young
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Chris Botti
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Chicago
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Carol King
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bobby Darin
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bob Seger
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bob Dylan
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Billy Joel
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Beatles
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\BareNaked Ladies
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\3 Dog Night
2015-01-16 13:47 - 2015-01-16 13:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Audacity
2015-01-16 13:47 - 2015-01-16 13:47 - 00000000 ____D () C:\Users\steve\AppData\Local\twitter
2015-01-15 15:21 - 2015-01-15 15:21 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-15 12:08 - 2015-01-15 12:11 - 81614632 _____ (Apple Inc.) C:\Users\steve\Downloads\iTunes64Setup.exe
2015-01-15 12:02 - 2015-01-15 12:06 - 109829936 _____ (Apple Inc.) C:\Users\steve\Downloads\iTunesSetup.exe
2015-01-15 11:09 - 2015-01-15 11:09 - 00887336 _____ (RaMMicHaeL) C:\Users\steve\Downloads\unchecky_setup.exe
2015-01-15 11:09 - 2015-01-15 11:09 - 00001038 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-15 11:03 - 2015-01-15 11:03 - 00783840 _____ ( ) C:\Users\steve\Downloads\FileOpenerSetup(1).exe
2015-01-15 10:56 - 2015-01-15 10:56 - 00000000 ____D () C:\ProgramData\{FFAB1768-AF29-C6EE-1EAF-B66CCE2D65E2}
2015-01-15 10:54 - 2015-01-15 10:54 - 00783840 _____ ( ) C:\Users\steve\Downloads\FileOpenerSetup.exe
2015-01-14 12:43 - 2015-01-14 12:43 - 00012959 _____ () C:\Users\steve\Desktop\FINAL PASSWORDSNEWEST 1.13;15.ods
2015-01-14 07:35 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:35 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 07:35 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 07:35 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 07:35 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 07:35 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 07:35 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:35 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 07:35 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 07:35 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 07:35 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 07:35 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 07:35 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 07:35 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 07:35 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 07:35 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 07:35 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 07:35 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 07:35 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 07:35 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 07:35 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-02-06 10:05 - 00000000 __RDO () C:\Users\steve\OneDrive
2015-01-12 15:07 - 2015-01-12 15:07 - 00000242 _____ () C:\Users\steve\Desktop\f.txt
2015-01-12 15:05 - 2015-01-12 15:05 - 00000242 _____ () C:\Users\steve\Documents\f.txt
2015-01-11 13:45 - 2015-01-11 13:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Winamp
2015-01-11 08:57 - 2015-01-13 09:37 - 00000000 ___RD () C:\Users\steve\OneDrive.old
2015-01-10 11:16 - 2015-01-10 11:16 - 00042497 _____ () C:\Users\steve\Desktop\Aamth_hq.jpeg
2015-01-10 11:15 - 2015-01-14 17:31 - 00037356 _____ () C:\Users\steve\Desktop\Aamth_hq_400x400.jpeg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 10:12 - 2014-03-18 01:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-06 10:10 - 2014-12-09 14:33 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2026979168-75484373-854228467-1001
2015-02-06 10:07 - 2014-12-11 12:24 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 10:07 - 2014-12-10 10:56 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:07 - 2014-10-17 17:48 - 00006469 _____ () C:\windows\SysWOW64\Gms.log
2015-02-06 10:05 - 2014-12-09 14:29 - 00001358 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk
2015-02-06 10:05 - 2014-12-09 14:28 - 00002254 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk
2015-02-06 10:04 - 2014-12-24 12:12 - 00000000 ____D () C:\AdwCleaner
2015-02-06 10:04 - 2014-10-17 18:02 - 00031149 _____ () C:\Users\Public\Documents\TestService.txt
2015-02-06 10:04 - 2014-10-17 18:02 - 00004608 _____ () C:\windows\system32\VfService.trf
2015-02-06 10:04 - 2013-08-22 06:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-06 10:04 - 2013-08-22 05:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-06 10:02 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-06 09:44 - 2014-12-10 13:04 - 00000000 ____D () C:\Users\steve\AppData\Roaming\ClassicShell
2015-02-06 08:56 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-06 06:25 - 2014-12-09 14:30 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0E1009A8-0853-4C8C-BB4E-5B92EBFE2F47}
2015-02-05 11:06 - 2013-08-22 07:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-05 10:54 - 2014-12-16 14:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 10:06 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\Pokki
2015-02-05 10:06 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-05 10:05 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\registration
2015-02-05 06:11 - 2014-12-16 14:04 - 00002297 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-04 11:07 - 2014-12-11 12:24 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 11:47 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve
2015-01-29 15:23 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppCompat
2015-01-29 15:23 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-01-29 14:53 - 2014-12-09 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 16:47 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\Packages
2015-01-21 17:12 - 2014-12-09 15:46 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Mozilla
2015-01-16 13:58 - 2014-12-13 11:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\MediaMonkey
2015-01-15 10:56 - 2014-12-09 15:46 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-14 15:02 - 2014-12-11 11:21 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 15:00 - 2014-12-11 11:21 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 14:06 - 2014-12-28 11:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-13 14:06 - 2014-12-28 08:23 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-13 14:06 - 2014-12-27 10:00 - 00000000 ____D () C:\Users\steve\Desktop\THE NEW YOGA 3 PRO _ Lenovo US_files
2015-01-13 14:06 - 2014-12-25 15:32 - 00000000 ____D () C:\Users\steve\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2015-01-13 14:06 - 2014-12-25 15:32 - 00000000 ____D () C:\2d3db3bc58343bc82725d57d88b1
2015-01-13 14:06 - 2014-12-24 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-13 14:06 - 2014-12-24 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-13 14:06 - 2014-12-15 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-01-13 14:06 - 2014-12-13 11:48 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2015-01-13 14:06 - 2014-12-09 14:31 - 00000000 ____D () C:\ProgramData\OneKey Optimizer
2015-01-13 14:06 - 2014-10-17 18:03 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-13 14:06 - 2014-03-18 01:38 - 00000000 ____D () C:\windows\ShellNew
2015-01-13 14:06 - 2014-03-18 01:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 __RSD () C:\windows\Media
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\WinStore
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Shared
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Media.Shared
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\setup
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\MediaViewer
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\Globalization
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\FileManager
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\Camera
2015-01-13 14:06 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\system32\oobe
2015-01-13 14:06 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\servicing
2015-01-11 14:12 - 2014-12-20 13:29 - 00000000 ____D () C:\Users\steve\AppData\Roaming\FLEXnet
2015-01-11 14:11 - 2014-12-25 15:33 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

==================== Files in the root of some directories =======

2015-02-05 07:27 - 2015-02-05 07:27 - 0000020 _____ () C:\Users\steve\AppData\Roaming\appdataFr3.bin
2014-12-19 10:22 - 2014-12-25 12:55 - 0007605 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-10-17 17:46 - 2014-10-17 17:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-13 11:38 - 2014-12-24 18:46 - 0000021 _____ () C:\ProgramData\settings.cfg

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\dllnt_dump.dll
C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9vro9c.dll
C:\Users\steve\AppData\Local\Temp\octC581.tmp.exe
C:\Users\steve\AppData\Local\Temp\Quarantine.exe
C:\Users\steve\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 11:39

==================== End Of Log ============================


RK Report


RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : steve [Administrator]
Mode : Scan -- Date : 02/06/2015  10:24:25

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ymc.exe(2736) -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe[7] -> Killed [TermProc]
[Suspicious.Path] esif_assist.exe(3648) -- C:\windows\TEMP\DPTF\esif_assist.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc (C:\ProgramData\LenovoTransition\Server\x64\ymc.exe) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{935F78A6-DAB9-4471-AE28-77F328C6BCBB} | DhcpNameServer : 150.201.1.3 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{935F78A6-DAB9-4471-AE28-77F328C6BCBB} | DhcpNameServer : 150.201.1.3 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : c:/progra~3/{ffab1~1/171~1.0/nite.dll   -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ej5wnmnu.default-1419193867979 : user_pref("browser.startup.homepage", "chrome://fvd.speeddial/content/fvd_about_blank.html"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEON IT L8T-256L9G +++++
--- User ---
[MBR] a59c5aa8aff5afadda806424d8265157
[BSP] 51d3119b8e68c10b2e05eb80f9c97df9 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK




Offline kevinf80

Re: [Resolved - K] Pop Ups
« Reply #3 on: February 06, 2015, 12:44:48 PM »
The top part of the FRST main log (FRST.txt) is missing; I need to see the log in full. The secondary log (Addition.txt) is also needed.
Logs are saved to the following folder: C:\FRST\Logs
Post both logs in full....

Thank you,

Kevin...

Offline zbestwun2001

Re: [Resolved - K] Pop Ups
« Reply #4 on: February 06, 2015, 01:12:00 PM »
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by steve (administrator) on LENOVO-PC on 06-02-2015 09:52:53
Running from C:\Users\steve\Downloads
Loaded Profiles: steve (Available profiles: steve)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
() C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
(TODO: <公司名>) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\steve\Downloads\AdwCleaner(1).exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [604928 2014-07-14] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2014-10-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [HarmonyPicks] => C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.HarmonyPicks.exe [1341720 2014-08-27] (Lenovo)
HKLM-x32\...\Run: [HarmonySetting] => C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.HarmonySetting.exe [2657048 2014-08-27] (Lenovo)
HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs-x32: c:/progra~3/{ffab1~1/171~1.0/nite.dll => c:/progra~3/{ffab1~1/171~1.0/nite.dll [649216 2015-01-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-2026979168-75484373-854228467-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: Google
FF Homepage: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin HKU\S-1-5-21-2026979168-75484373-854228467-1001: LWAPlugin15.8 -> C:\Users\steve\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\steve\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\pavel.sherbakov@gmail.com [2014-12-26]
FF Extension: All-in-One Gestures - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-12-26]
FF Extension: Classic Theme Restorer - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-12-22]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\fbp@fbpurity.com.xpi [2014-12-26]
FF Extension: Ghostery - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\firefox@ghostery.com.xpi [2015-02-05]
FF Extension: NoScript - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-05]
FF Extension: Adblock Edge - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ej5wnmnu.default-1419193867979\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-05]

Chrome:
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (AdBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\abploloocmdpbolbighfgffiagjiddfj [2014-12-18]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Adblock Plus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-02]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2015-01-02]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-12-18]
CHR Extension: (PlantUML Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\legbfeljfbjgfifnkmpoajgpgejojooj [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (ProoShopper) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggieegkfjnibponfnjpelafgojglngpn [2015-02-05]
CHR Extension: (PlantUML Viewer) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\legbfeljfbjgfifnkmpoajgpgejojooj [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 26873248; c:\Program Files (x86)\SystemUpgrade\SystemUpgrade.dll [1552384 2015-02-04] () [File not signed]
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [977664 2014-06-03] (Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
R2 esifsvc; C:\windows\SysWOW64\esif_uf.exe [953352 2014-06-09] (Intel Corporation)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [194328 2014-10-13] (Lenovo)
R2 HarmonyPicksService; C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe [17176 2014-08-14] ()
R2 HarmonySettingService; C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe [18712 2014-08-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324568 2014-07-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-07-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2495768 2014-11-04] (TODO: <公司名>)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2005320 2014-10-13] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2014-10-17] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-05] (Lenovo(beijing) Limited)
R2 PaperLookingSrv; C:\Program Files (x86)\Lenovo\PaperDisplay\PaperLookingSrv.exe [173336 2014-08-11] (Lenovo)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [524552 2014-05-28] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2014-10-17] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2014-10-17] (Lenovo)
R2 PLHotkeyService; C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe [25368 2014-08-11] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-08-04] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-20] (RaMMicHaeL)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-10-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-07-25] (Lenovo)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7578328 2014-10-17] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-06-09] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [34072 2014-06-09] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-06-09] (Intel Corporation)
R0 Fastboot; C:\Windows\System32\Drivers\Fastboot.sys [70168 2014-10-13] (Windows (R) Win 7 DDK provider)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [110824 2014-06-10] (GenesysLogic)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-07-03] (Intel Corporation)
R3 mxtBootBridge; C:\Windows\System32\drivers\mxtBootBridge.sys [36160 2013-12-18] (Atmel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [7239384 2014-08-29] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-08-04] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-06] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 09:51 - 2015-02-06 09:51 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-02-06 09:51 - 2015-02-06 09:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 09:49 - 2015-02-06 09:51 - 15431256 _____ () C:\Users\steve\Downloads\RogueKiller.exe
2015-02-06 09:38 - 2015-02-06 09:45 - 00032153 _____ () C:\Users\steve\Downloads\Addition.txt
2015-02-06 09:37 - 2015-02-06 09:53 - 00027401 _____ () C:\Users\steve\Downloads\FRST.txt
2015-02-06 09:37 - 2015-02-06 09:52 - 00000000 ____D () C:\FRST
2015-02-06 09:36 - 2015-02-06 09:36 - 02131968 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2015-02-06 08:27 - 2015-02-06 08:28 - 02112512 _____ () C:\Users\steve\Downloads\AdwCleaner(1).exe
2015-02-06 08:24 - 2015-02-06 08:24 - 00049831 _____ () C:\Users\steve\Desktop\Steve Fischler--Fischler Artist Promotions.html
2015-02-06 08:24 - 2015-02-06 08:24 - 00000000 ____D () C:\Users\steve\Desktop\Steve Fischler--Fischler Artist Promotions_files
2015-02-05 11:07 - 2015-02-06 09:12 - 00000580 _____ () C:\windows\setupact.log
2015-02-05 11:07 - 2015-02-05 11:07 - 00000000 _____ () C:\windows\setuperr.log
2015-02-05 11:06 - 2015-02-06 09:25 - 00733267 _____ () C:\windows\WindowsUpdate.log
2015-02-05 11:06 - 2015-02-05 11:06 - 00000816 _____ () C:\windows\PFRO.log
2015-02-05 07:32 - 2015-02-05 07:32 - 00610776 _____ () C:\Users\steve\Downloads\Unconfirmed 59377.crdownload
2015-02-05 07:27 - 2015-02-05 07:27 - 00000020 _____ () C:\Users\steve\AppData\Roaming\appdataFr3.bin
2015-02-05 07:08 - 2015-02-05 07:09 - 00000000 ____D () C:\Program Files (x86)\PlantUML Viewer
2015-02-04 21:27 - 2015-02-05 10:06 - 00000000 ____D () C:\Program Files (x86)\SystemUpgrade
2015-01-31 11:47 - 2015-02-05 10:06 - 00000000 ____D () C:\windows\pss
2015-01-30 11:21 - 2015-01-30 11:21 - 00016925 _____ () C:\Users\steve\Desktop\FINAL PASSWORDSNEWEST 1.13;15.odt
2015-01-29 07:24 - 2015-01-29 07:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\2CF93191.sys
2015-01-27 07:21 - 2015-01-27 07:21 - 00016537 _____ () C:\Users\steve\Desktop\B8VAmQXCEAIbbNm.jpg large.jpeg
2015-01-27 06:48 - 2015-01-27 06:48 - 00000000 ____D () C:\Users\steve\Desktop\g
2015-01-26 19:57 - 2015-01-26 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 19:43 - 2014-06-26 08:04 - 28952538 _____ () C:\Users\steve\Downloads\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv
2015-01-25 10:08 - 2014-06-26 08:04 - 28952538 _____ () C:\Users\steve\Desktop\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv
2015-01-25 09:12 - 2015-02-06 09:13 - 00000000 ___RD () C:\Users\steve\Dropbox
2015-01-25 09:12 - 2015-02-03 14:33 - 00001040 _____ () C:\Users\steve\Desktop\Dropbox.lnk
2015-01-25 09:05 - 2015-02-05 10:06 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-25 09:03 - 2015-02-06 09:13 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2015-01-25 09:03 - 2015-01-25 09:03 - 00324136 _____ (Dropbox, Inc.) C:\Users\steve\Downloads\DropboxInstaller.exe
2015-01-23 07:48 - 2015-01-23 07:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\5C496EB7.sys
2015-01-22 16:37 - 2015-01-22 16:37 - 00001026 _____ () C:\Users\steve\Desktop\SpeedFan.lnk
2015-01-22 16:37 - 2015-01-22 16:37 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-22 16:37 - 2015-01-22 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-22 16:36 - 2015-01-22 16:37 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-22 16:36 - 2015-01-22 16:36 - 02174848 _____ () C:\Users\steve\Downloads\instsf450(1).exe
2015-01-22 16:36 - 2015-01-22 16:36 - 00000045 _____ () C:\windows\SysWOW64\initdebug.nfo
2015-01-22 16:27 - 2015-01-22 16:27 - 02174848 _____ () C:\Users\steve\Downloads\instsf450.exe
2015-01-22 07:34 - 2015-01-22 07:34 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Nitro
2015-01-21 17:40 - 2015-01-21 17:41 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(6).msi
2015-01-21 17:27 - 2015-01-21 17:28 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(5).msi
2015-01-21 17:14 - 2015-01-21 17:15 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(4).msi
2015-01-21 17:14 - 2015-01-21 17:15 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(3).msi
2015-01-21 17:13 - 2015-01-21 17:14 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(2).msi
2015-01-21 17:13 - 2015-01-21 17:14 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32(1).msi
2015-01-21 17:11 - 2015-01-21 17:12 - 07806976 _____ () C:\Users\steve\Downloads\LWAPlugin64BitInstaller32.msi
2015-01-19 19:04 - 2015-01-19 19:04 - 00909002 _____ () C:\Users\steve\Desktop\speeddial.sd
2015-01-19 06:44 - 2015-01-19 06:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\37B90510.sys
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Warren Zevon
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\War
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Van Morrison
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Traffic
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Tim Buckley
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\The Who
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\The Guess Who
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\T V Themes
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Stones
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\STEPPENWOLF
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Steely Dan
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Sly and the Family Stone
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Skynard
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Sheryl Crow
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Queen
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Neil Young
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Lionel Richie
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Kinks
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Kenny Loggins
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Joni Mitchell
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jimmy Buffett
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jimi Hendrix
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jefferson Airplane
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\James Taylor
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Jackson Browne
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Gordon Lightfoot
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Fleetwood Mac
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eric Clapton
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eric Burdon
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\EarthWind and Fire
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Eagles
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Dr John
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\David Bowie
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Crosby Stills Nash and Young
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Chris Botti
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Chicago
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Carol King
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bobby Darin
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bob Seger
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Bob Dylan
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Billy Joel
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\Beatles
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\BareNaked Ladies
2015-01-16 13:52 - 2015-01-16 13:52 - 00000000 ____D () C:\3 Dog Night
2015-01-16 13:47 - 2015-01-16 13:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Audacity
2015-01-16 13:47 - 2015-01-16 13:47 - 00000000 ____D () C:\Users\steve\AppData\Local\twitter
2015-01-15 15:21 - 2015-01-15 15:21 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-15 12:08 - 2015-01-15 12:11 - 81614632 _____ (Apple Inc.) C:\Users\steve\Downloads\iTunes64Setup.exe
2015-01-15 12:02 - 2015-01-15 12:06 - 109829936 _____ (Apple Inc.) C:\Users\steve\Downloads\iTunesSetup.exe
2015-01-15 11:09 - 2015-01-15 11:09 - 00887336 _____ (RaMMicHaeL) C:\Users\steve\Downloads\unchecky_setup.exe
2015-01-15 11:09 - 2015-01-15 11:09 - 00001038 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-15 11:09 - 2015-01-15 11:09 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-15 11:03 - 2015-01-15 11:03 - 00783840 _____ ( ) C:\Users\steve\Downloads\FileOpenerSetup(1).exe
2015-01-15 10:56 - 2015-01-15 10:56 - 00000000 ____D () C:\ProgramData\{FFAB1768-AF29-C6EE-1EAF-B66CCE2D65E2}
2015-01-15 10:54 - 2015-01-15 10:54 - 00783840 _____ ( ) C:\Users\steve\Downloads\FileOpenerSetup.exe
2015-01-14 12:43 - 2015-01-14 12:43 - 00012959 _____ () C:\Users\steve\Desktop\FINAL PASSWORDSNEWEST 1.13;15.ods
2015-01-14 07:35 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:35 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 07:35 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 07:35 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 07:35 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 07:35 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 07:35 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 07:35 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:35 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 07:35 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 07:35 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 07:35 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 07:35 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 07:35 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 07:35 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 07:35 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 07:35 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 07:35 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 07:35 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 07:35 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 07:35 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 07:35 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 07:35 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-02-06 09:12 - 00000000 __RDO () C:\Users\steve\OneDrive
2015-01-12 15:07 - 2015-01-12 15:07 - 00000242 _____ () C:\Users\steve\Desktop\f.txt
2015-01-12 15:05 - 2015-01-12 15:05 - 00000242 _____ () C:\Users\steve\Documents\f.txt
2015-01-11 13:45 - 2015-01-11 13:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Winamp
2015-01-11 08:57 - 2015-01-13 09:37 - 00000000 ___RD () C:\Users\steve\OneDrive.old
2015-01-10 11:16 - 2015-01-10 11:16 - 00042497 _____ () C:\Users\steve\Desktop\Aamth_hq.jpeg
2015-01-10 11:15 - 2015-01-14 17:31 - 00037356 _____ () C:\Users\steve\Desktop\Aamth_hq_400x400.jpeg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 09:44 - 2014-12-10 13:04 - 00000000 ____D () C:\Users\steve\AppData\Roaming\ClassicShell
2015-02-06 09:17 - 2014-12-09 14:33 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2026979168-75484373-854228467-1001
2015-02-06 09:16 - 2014-03-18 01:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-06 09:15 - 2014-12-24 12:12 - 00000000 ____D () C:\AdwCleaner
2015-02-06 09:14 - 2014-10-17 17:48 - 00006469 _____ () C:\windows\SysWOW64\Gms.log
2015-02-06 09:13 - 2014-12-09 14:29 - 00001358 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Settings Introduction.lnk
2015-02-06 09:13 - 2014-12-09 14:28 - 00002254 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harmony Picks Introduction.lnk
2015-02-06 09:12 - 2014-12-10 10:56 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 09:12 - 2014-10-17 18:02 - 00030816 _____ () C:\Users\Public\Documents\TestService.txt
2015-02-06 09:12 - 2014-10-17 18:02 - 00004608 _____ () C:\windows\system32\VfService.trf
2015-02-06 09:12 - 2013-08-22 06:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-06 09:12 - 2013-08-22 05:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-06 09:07 - 2014-12-11 12:24 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 09:00 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-06 08:56 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-06 06:25 - 2014-12-09 14:30 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0E1009A8-0853-4C8C-BB4E-5B92EBFE2F47}
2015-02-05 11:06 - 2013-08-22 07:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-05 10:54 - 2014-12-16 14:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 10:06 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\Pokki
2015-02-05 10:06 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-05 10:05 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\registration
2015-02-05 06:11 - 2014-12-16 14:04 - 00002297 _____ () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-04 11:07 - 2014-12-11 12:24 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 11:47 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve
2015-01-29 15:23 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppCompat
2015-01-29 15:23 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-01-29 14:53 - 2014-12-09 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 16:47 - 2014-12-09 14:28 - 00000000 ____D () C:\Users\steve\AppData\Local\Packages
2015-01-21 17:12 - 2014-12-09 15:46 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Mozilla
2015-01-16 13:58 - 2014-12-13 11:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\MediaMonkey
2015-01-15 10:56 - 2014-12-09 15:46 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-14 15:02 - 2014-12-11 11:21 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 15:00 - 2014-12-11 11:21 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 14:06 - 2014-12-28 11:48 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-13 14:06 - 2014-12-28 08:23 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-13 14:06 - 2014-12-27 10:00 - 00000000 ____D () C:\Users\steve\Desktop\THE NEW YOGA 3 PRO _ Lenovo US_files
2015-01-13 14:06 - 2014-12-25 15:32 - 00000000 ____D () C:\Users\steve\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2015-01-13 14:06 - 2014-12-25 15:32 - 00000000 ____D () C:\2d3db3bc58343bc82725d57d88b1
2015-01-13 14:06 - 2014-12-24 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-13 14:06 - 2014-12-24 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-13 14:06 - 2014-12-15 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-01-13 14:06 - 2014-12-13 11:48 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2015-01-13 14:06 - 2014-12-09 14:31 - 00000000 ____D () C:\ProgramData\OneKey Optimizer
2015-01-13 14:06 - 2014-10-17 18:03 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-13 14:06 - 2014-03-18 01:38 - 00000000 ____D () C:\windows\ShellNew
2015-01-13 14:06 - 2014-03-18 01:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 __RSD () C:\windows\Media
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\WinStore
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Shared
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Media.Shared
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\setup
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\MediaViewer
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\Globalization
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\FileManager
2015-01-13 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\Camera
2015-01-13 14:06 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\system32\oobe
2015-01-13 14:06 - 2013-08-22 05:36 - 00000000 ____D () C:\windows\servicing
2015-01-11 14:12 - 2014-12-20 13:29 - 00000000 ____D () C:\Users\steve\AppData\Roaming\FLEXnet
2015-01-11 14:11 - 2014-12-25 15:33 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

==================== Files in the root of some directories =======

2015-02-05 07:27 - 2015-02-05 07:27 - 0000020 _____ () C:\Users\steve\AppData\Roaming\appdataFr3.bin
2014-12-19 10:22 - 2014-12-25 12:55 - 0007605 _____ () C:\Users\steve\AppData\Local\resmon.resmoncfg
2014-10-17 17:46 - 2014-10-17 17:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-13 11:38 - 2014-12-24 18:46 - 0000021 _____ () C:\ProgramData\settings.cfg

Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\dllnt_dump.dll
C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9feozf.dll
C:\Users\steve\AppData\Local\Temp\octC581.tmp.exe
C:\Users\steve\AppData\Local\Temp\Quarantine.exe
C:\Users\steve\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 11:39

==================== End Of Log ============================

Offline zbestwun2001

Re: [Resolved - K] Pop Ups
« Reply #5 on: February 06, 2015, 01:13:40 PM »
ADDITIONAL LOG
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by steve at 2015-02-06 09:53:50
Running from C:\Users\steve\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.35.223.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Dropbox) (Version: 3.2.3 - Dropbox, Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.2 - Genesys Logic)
Harmony (HKLM-x32\...\{D02D9427-507D-4912-9285-97FCD5417E72}) (Version: 1.0.0.0828 - Lenovo)
Harmony (x32 Version: 1.0.0.0828 - Lenovo) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10002.14 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3871 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9800 - Broadcom Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11057 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{D3F38500-4C99-4E4F-9786-B907224E13A1}) (Version: 2.6.0.0528 - PointGrab)
Lenovo Motion Control (x32 Version: 2.6.0.0528 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo Paper Display (HKLM-x32\...\InstallShield_{B5E4B638-FFF0-408F-9FB6-732CAFC73063}) (Version: 1.0.0.020 - Lenovo)
Lenovo Paper Display (x32 Version: 1.0.0.020 - Lenovo) Hidden
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.5.0 - Lenovo Corporation)
Lenovo Settings (HKLM\...\{D14CCBF5-1A3A-4C08-955B-BE6D519835C4}_is1) (Version: 2.0.0.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.2.27 - Lenovo Group Limited)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.20 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.6 - Lenovo Group Limited)
Lenovo Settings WiFi (HKLM\...\{86045A6C-C156-4349-A3E2-47A88A42F5C2}_is1) (Version: 2.0.0.3 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.6181 - Lenovo)
Lenovo Yoga 3 Pro Demo (HKLM-x32\...\{A4D294C5-D925-4FEA-9C60-16B8CB92F95A}) (Version: 1.0.6 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 1.5.0.26 - Lenovo)
LenovoUtility (x32 Version: 1.5.0.26 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxx Audio Installer (x64) (Version: 1.6.4565.47 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Lync Web App Plug-in (HKLM\...\{D70E5485-A62A-40AF-B3F2-F7D3412BE341}) (Version: 15.8.8308.556 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MxtBootBridge Driver Package (HKLM-x32\...\InstallShield_{ADFCC3B7-27B9-4392-94AE-AA7686E9069B}) (Version: 6.3.9600.16384 - Atmel Corporation)
MxtBootBridge Driver Package (x32 Version: 6.3.9600.16384 - Atmel Corporation) Hidden
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
OneKey Optimizer (HKLM-x32\...\InstallShield_{D5D573DC-D989-4769-9B56-D6A7EA503D7F}) (Version: 1.1.20.13 - Lenovo)
OneKey Optimizer (x32 Version: 1.1.20.13 - Lenovo) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pale Moon 25.1.0 (x64 en-US) (HKLM\...\Pale Moon 25.1.0 (x64 en-US)) (Version: 25.1.0 - Moonchild Productions)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Start Menu (HKU\S-1-5-21-2026979168-75484373-854228467-1001\...\Pokki_Start_Menu) (Version: 0.269.5.465 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.85 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Atmel Corporation (mxtBootBridge) System  (12/16/2013 6.3.9600.16384) (HKLM\...\F8347C919D5589FEDC68DC66C0F3A5C9B7462730) (Version: 12/16/2013 6.3.9600.16384 - Atmel Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) Paper Display  (06/21/2014 1.0.0.0) (HKLM\...\5ECF5D114CC46EABC43D0207157DEFB68E9A74FB) (Version: 06/21/2014 1.0.0.0 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2026979168-75484373-854228467-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-01-2015 18:38:26 Removed User Manuals
28-01-2015 07:34:42 Windows Update
29-01-2015 14:59:31 Restore Operation
30-01-2015 10:42:16 30
05-02-2015 07:08:56 Windows Defender Checkpoint
05-02-2015 10:02:54 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2015-02-06 09:12 - 00001993 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {114DC4E2-2BD0-4B24-A837-BB154E79E340} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2014-03-05] ()
Task: {1D195F2A-7256-4ADE-BF36-AB302AF71FC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {241BC30A-70AD-418D-9E20-7243A64153C2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
Task: {48902443-AC42-4670-A0C1-8F132D7D9B7A} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-21] (Lenovo)
Task: {4928A801-2E67-4D91-A8F2-30BAF6AFA48F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {4AD9A39E-790F-471F-9C51-AE38DC0885CB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {515326AF-ED9C-4AB4-8E08-05F22F03C4A8} - System32\Tasks\{FB0319AA-1613-4FBC-946D-A685F1F9092A} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {6D210AA9-9BF1-495D-A89D-0E13240278FB} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {8B668DE1-18CA-4E40-AF88-3CCED23B4559} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {90532318-440E-4984-946D-5C4B032EAD3D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {A47B1559-BC1D-4B12-88D3-F0EE72CE20F8} - System32\Tasks\{BBEB88BF-FEEE-4E55-83C1-705EDA038551} => pcalua.exe -a "C:\Program Files\Pale Moon\uninstall\helper.exe"
Task: {EE422947-C7F2-450B-87BD-2B597A687745} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-03 11:46 - 2014-06-03 11:46 - 00049408 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-10-17 18:02 - 2014-08-14 13:11 - 00017176 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\HarmonyPicksService.exe
2014-10-17 18:02 - 2014-08-14 13:13 - 00018712 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe
2014-10-17 18:02 - 2014-08-27 15:27 - 00062232 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\Util.dll
2014-12-12 12:34 - 2014-12-12 12:34 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-17 18:02 - 2014-08-27 15:27 - 00018200 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\RemoteObject.dll
2014-10-17 18:02 - 2014-08-14 13:13 - 00075032 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonyAudio.dll
2014-10-17 18:02 - 2014-08-14 13:14 - 00017176 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll
2014-10-17 18:02 - 2014-08-14 13:14 - 00024344 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\PowerDll.DLL
2014-10-17 18:03 - 2014-10-17 18:03 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
2014-08-11 16:17 - 2014-08-11 16:17 - 00025368 _____ () C:\Program Files (x86)\Lenovo\PaperDisplay\PLHotkeyService.exe
2014-10-17 18:02 - 2014-10-17 18:02 - 00068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-10-17 18:02 - 2014-10-17 18:02 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-10-17 18:02 - 2014-05-20 15:16 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-10-17 18:01 - 2014-10-17 18:01 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2014-10-17 17:49 - 2014-03-05 00:49 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2014-10-17 18:02 - 2014-08-27 15:27 - 00062232 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\Util.dll
2014-10-17 18:02 - 2014-08-27 15:27 - 00018200 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\RemoteObject.dll
2014-12-12 12:34 - 2014-12-12 12:34 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-12-12 12:34 - 2014-12-12 12:34 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-12-09 14:36 - 2014-12-09 14:36 - 00019232 _____ () C:\windows\Microsoft.Net\assembly\GAC_MSIL\Lenovo.MetricCollectionSDK\v4.0_1.1.9.0__d43be3ee47b19ecb\Lenovo.MetricCollectionSDK.dll
2014-12-12 12:34 - 2014-12-12 12:34 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-12-12 12:34 - 2014-12-12 12:34 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-10-17 18:02 - 2014-08-14 13:12 - 00074520 _____ () C:\Program Files (x86)\Lenovo\Harmony\Picks\Lenovo.Harmonydll.dll
2015-02-06 08:27 - 2015-02-06 08:28 - 02112512 _____ () C:\Users\steve\Downloads\AdwCleaner(1).exe
2014-10-17 18:00 - 2014-07-09 16:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
2014-10-17 18:00 - 2014-07-09 16:19 - 00397296 _____ () C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
2014-10-17 17:45 - 2013-10-01 01:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-05-28 12:16 - 2014-05-28 12:16 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2015-01-20 12:10 - 2015-01-20 12:10 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll
2015-01-22 15:31 - 2015-01-22 15:31 - 00750080 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-06 09:13 - 2015-02-06 09:13 - 00043008 _____ () c:\users\steve\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9feozf.dll
2015-01-22 15:31 - 2015-01-22 15:31 - 00047616 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-22 15:31 - 2015-01-22 15:31 - 00865280 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-22 15:31 - 2015-01-22 15:31 - 00200704 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00402432 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00797696 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00133120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2014-10-17 18:02 - 2014-08-14 13:14 - 00160536 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\PG_SettingsLib.dll
2014-10-17 18:02 - 2014-08-14 13:14 - 00038168 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\PaperLookingAPI.dll
2014-10-17 18:02 - 2014-08-14 13:13 - 00018200 _____ () C:\Program Files (x86)\Lenovo\Harmony\Setting\Lenovo.Harmonydll.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00960000 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-12-14 13:18 - 2014-12-14 13:18 - 00337920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2015-01-26 19:57 - 2015-01-26 19:57 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-03 09:45 - 2014-07-03 09:45 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-06 09:49 - 2015-02-06 09:51 - 15431256 _____ () C:\Users\steve\Downloads\RogueKiller.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\steve\OneDrive:ms-properties
AlternateDataStreams: C:\Users\steve\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\steve\Desktop\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv:com.dropbox.attributes
AlternateDataStreams: C:\Users\steve\Downloads\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2026979168-75484373-854228467-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2026979168-75484373-854228467-500 - Administrator - Disabled)
Guest (S-1-5-21-2026979168-75484373-854228467-501 - Limited - Disabled)
steve (S-1-5-21-2026979168-75484373-854228467-1001 - Administrator - Enabled) => C:\Users\steve

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 09:47:09 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:37:05 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:16:56 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:12:49 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000

Error: (02/06/2015 09:12:49 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceget IsPDenable flag =  failed w/err 0x00000000

Error: (02/06/2015 09:12:14 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000001

Error: (02/06/2015 09:12:14 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001


System errors:
=============
Error: (02/06/2015 09:54:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ymc service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2015 09:51:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (02/06/2015 08:30:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (02/06/2015 08:30:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (02/06/2015 08:30:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (02/06/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/06/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CCSDK service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/06/2015 09:47:09 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:37:05 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:16:56 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x0000000a

Error: (02/06/2015 09:12:49 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000000

Error: (02/06/2015 09:12:49 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceevent type =  failed w/err 0x00008013

Error: (02/06/2015 09:12:36 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServiceget IsPDenable flag =  failed w/err 0x00000000

Error: (02/06/2015 09:12:14 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicereg session lock = failed w/err 0x00000001

Error: (02/06/2015 09:12:14 AM) (Source: PLCoreService) (EventID: 0) (User: )
Description: PLCoreServicesession change id =  failed w/err 0x00000001


CodeIntegrity Errors:
===================================
  Date: 2014-12-09 15:49:19.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #6 on: February 06, 2015, 01:48:28 PM »
Do not see any reference to the issue you mention in the posted logs, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.


Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.


In most cases, a restart will be required.


Wait for the prompt to restart the computer to appear, then click on Yes.


When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
Ensure to get the correct version for your system....
32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right-click on the tool and select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Offline zbestwun2001

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 48
Re: [Resolved - K] Pop Ups
« Reply #7 on: February 06, 2015, 02:39:48 PM »
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by steve at 2015-02-06 12:17:42 Run:1
Running from C:\Users\steve\Desktop
Loaded Profiles: steve &  (Available profiles: steve)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (ProoShopper) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggieegkfjnibponfnjpelafgojglngpn [2015-02-05]
C:\Users\steve\AppData\Local\Temp\dllnt_dump.dll
C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9feozf.dll
C:\Users\steve\AppData\Local\Temp\octC581.tmp.exe
C:\Users\steve\AppData\Local\Temp\Quarantine.exe
C:\Users\steve\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\steve\OneDrive:ms-properties
AlternateDataStreams: C:\Users\steve\OneDrive.old:ms-properties
AlternateDataStreams: C:\Users\steve\Desktop\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv:com.dropbox.attributes
AlternateDataStreams: C:\Users\steve\Downloads\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv:com.dropbox.attributes
Hosts:
Emptytemp:
end



*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggieegkfjnibponfnjpelafgojglngpn => Moved successfully.
C:\Users\steve\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
"C:\Users\steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9feozf.dll" => File/Directory not found.
C:\Users\steve\AppData\Local\Temp\octC581.tmp.exe => Moved successfully.
C:\Users\steve\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\steve\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.
"C:\Users\steve\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\steve\OneDrive.old" => ":ms-properties" ADS not found.
C:\Users\steve\Desktop\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\steve\Downloads\Lenovo Insiders Jun 2014 All IN Monthly Call 2 - Jun 26 2014 08.08.48 AM.wmv => ":com.dropbox.attributes" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2 GB temporary data.


The system needed a reboot. (was  rebooted)==== End of Fixlog 12:18:02 ====




MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/6/2015
Scan Time: 12:26:17 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.06.08
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338652
Time Elapsed: 7 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: i
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

...STILL WORKING ON THIS... MORE TO COME

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #8 on: February 06, 2015, 02:51:45 PM »
Thanks for the logs/update, post other logs anytime you're ready. Also give an update on any remaining issues or concerns...

Thanks,

Kevin...

Offline zbestwun2001

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 48
Re: [Resolved - K] Pop Ups
« Reply #9 on: February 06, 2015, 03:21:17 PM »
# AdwCleaner v4.110 - Logfile created 06/02/2015 at 13:05:21
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : steve - LENOVO-PC
# Running from : C:\Users\steve\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Pale Moon v25.2.0 (en-US)


-\\ Google Chrome v


*************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by steve on Fri 02/06/2015 at 13:23:42.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/06/2015 at 13:27:36.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT log



JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by steve on Fri 02/06/2015 at 13:29:56.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/06/2015 at 13:32:07.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

« Last Edit: February 06, 2015, 03:33:46 PM by zbestwun2001 »

Offline zbestwun2001

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 48
Re: [Resolved - K] Pop Ups
« Reply #10 on: February 06, 2015, 03:55:20 PM »
MRT log


---------------------------------------------------------------------------------------

Looks like you are getting some duplicates.... sorry about that... at this point, I've been logged out.


Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 11:17:51 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 11:17:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 12:19:04 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 12:19:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 13:00:00 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 13:00:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 13:54:03 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 13:54:04 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 14:09:53 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 14:09:54 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 14:33:49 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 14:33:50 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 05 15:02:54 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 05 15:02:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
I ''think'' that's all the logs.

I haven't been bothered by that popup at all while working on it, but I bet it's that file in the registry....


Thanks for the help...
Steve

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #11 on: February 06, 2015, 04:01:00 PM »
I did not see the issue you mentioned in any of the logs, run your system for a couple of hours, see what happens...

Offline zbestwun2001

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 48
Re: [Resolved - K] Pop Ups
« Reply #12 on: February 06, 2015, 04:09:53 PM »
Quote from: kevinf80 on February 06, 2015, 04:01:00 PM
I did not see the issue you mentioned in any of the logs, run your system for a couple of hours, see what happens...

Will do.


This entry here under Registry, I think, is the culprit.
***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

As you can see, it says it's deleted but it continues to show up when I run a scan?
Maybe we can pick it out with HJT?
« Last Edit: February 06, 2015, 04:13:31 PM by zbestwun2001 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #13 on: February 06, 2015, 04:13:52 PM »
OK, just post back anytime you're ready. I'm in the UK, local time for me is 22:10, I'll be online for maybe 2 more hours....

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop Ups
« Reply #14 on: February 07, 2015, 05:42:39 PM »
Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:regfind
{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Let me see that log, also give an update on any remaining issues or concerns....

Thanks,

Kevin
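
A read-only PowerShell search for the same GUID, similar in spirit to the :regfind step above, added here as an example that is not part of the original thread and is not SystemLook's own code. It checks key names, value names and value data; the function names Find-RegistryString and Test-Contains and the list of search roots are assumptions made for illustration.

```powershell
# Constructed example: read-only registry search. Nothing is modified or deleted.
$needle = '{12DA0E6F-5543-440C-BAA2-28BF01070AFA}'   # GUID quoted in the thread

# Assumed search roots. From 64-bit PowerShell, HKLM:\SOFTWARE also covers
# WOW6432Node, the 32-bit view of the same hive.
$roots = 'HKLM:\SOFTWARE', 'HKCU:\Software'

function Test-Contains([object]$Text, [string]$Needle) {
    # Case-insensitive literal match, so the braces in the GUID are never a pattern.
    # Multi-string and binary data are flattened to one space-separated string.
    return ([string]$Text).IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

function Find-RegistryString {
    param([string[]]$Root, [string]$Needle)
    foreach ($r in $Root) {
        # The root key itself plus every subkey; keys that cannot be opened are skipped.
        $keys = @(Get-Item -LiteralPath $r -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            if (Test-Contains $k.PSChildName $Needle) {
                [pscustomobject]@{ Where = 'KeyName'; Key = $k.Name; Value = $null; Data = $null }
            }
            foreach ($name in $k.GetValueNames()) {
                $data = $k.GetValue($name)
                if (Test-Contains $name $Needle) {
                    [pscustomobject]@{ Where = 'ValueName'; Key = $k.Name; Value = $name; Data = "$data" }
                }
                elseif (Test-Contains $data $Needle) {
                    [pscustomobject]@{ Where = 'ValueData'; Key = $k.Name; Value = $name; Data = "$data" }
                }
            }
        }
    }
}

# Each hit shows where the GUID was found and the full key path.
Find-RegistryString -Root $roots -Needle $needle | Format-List
```

Run it from an elevated 64-bit PowerShell prompt so that protected keys and both registry views are readable; a full recursive walk of HKLM:\SOFTWARE can take several minutes.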