Sophos log
2014-12-26 04:56:05.666 Sophos Virus Removal Tool version 2.5.4
2014-12-26 04:56:05.666 Copyright © 2009-2014 Sophos Limited. All rights reserved.
2014-12-26 04:56:05.666 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-12-26 04:56:05.666 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2014-12-26 04:56:05.666 Checking for updates...
2014-12-26 04:56:05.697 Update progress: proxy server not available
2014-12-26 04:56:31.554 Option all = no
2014-12-26 04:56:31.554 Option recurse = yes
2014-12-26 04:56:31.554 Option archive = no
2014-12-26 04:56:31.554 Option service = yes
2014-12-26 04:56:31.554 Option confirm = yes
2014-12-26 04:56:31.554 Option sxl = yes
2014-12-26 04:56:31.554 Option max-data-age = 35
2014-12-26 04:56:31.554 Option EnableSafeClean = yes
2014-12-26 04:56:33.208 Option vdl-logging = yes
2014-12-26 04:56:33.228 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-26 04:56:33.228 Machine ID: 8bb39bd88ed44ae6bc6c507ea7e45008
2014-12-26 04:56:33.232 Component SVRTcli.exe version 2.5.4
2014-12-26 04:56:33.232 Component control.dll version 2.5.4
2014-12-26 04:56:33.232 Component SVRTservice.exe version 2.5.4
2014-12-26 04:56:33.232 Component engine\osdp.dll version 1.44.1.2183
2014-12-26 04:56:33.232 Component engine\veex.dll version 3.58.3.2183
2014-12-26 04:56:33.232 Component engine\savi.dll version 8.1.5.2183
2014-12-26 04:56:33.232 Component rkdisk.dll version 1.5.30.0
2014-12-26 04:56:33.236 Version info: Product version 2.5.4
2014-12-26 04:56:33.236 Version info: Detection engine 3.58.3
2014-12-26 04:56:33.236 Version info: Detection data 5.08
2014-12-26 04:56:33.236 Version info: Build date 11/11/2014
2014-12-26 04:56:33.236 Version info: Data files added 462
2014-12-26 04:56:33.236 Version info: Last successful update (not yet updated)
2014-12-26 04:56:34.373 Downloading updates...
2014-12-26 04:56:34.388 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE509 LATEST
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE510 LATEST
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE511 LATEST
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE512 LATEST
2014-12-26 04:56:34.388 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-12-26 04:56:34.388 Update progress: [I19463] Syncing product SAVIW32 48
2014-12-26 04:56:41.360 Update progress: [I19463] Syncing product IDE509 177
2014-12-26 04:56:45.643 Installing updates...
2014-12-26 04:56:46.686 Error level 1
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE510 179
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE511 109
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE512 1
2014-12-26 04:57:08.947 Update successful
2014-12-26 04:57:33.982 Option all = no
2014-12-26 04:57:33.982 Option recurse = yes
2014-12-26 04:57:33.982 Option archive = no
2014-12-26 04:57:33.982 Option service = yes
2014-12-26 04:57:33.982 Option confirm = yes
2014-12-26 04:57:33.982 Option sxl = yes
2014-12-26 04:57:33.986 Option max-data-age = 35
2014-12-26 04:57:33.986 Option EnableSafeClean = yes
2014-12-26 04:57:34.618 Option vdl-logging = yes
2014-12-26 04:57:34.638 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-26 04:57:34.638 Machine ID: 8bb39bd88ed44ae6bc6c507ea7e45008
2014-12-26 04:57:34.638 Component SVRTcli.exe version 2.5.4
2014-12-26 04:57:34.638 Component control.dll version 2.5.4
2014-12-26 04:57:34.642 Component SVRTservice.exe version 2.5.4
2014-12-26 04:57:34.642 Component engine\osdp.dll version 1.44.1.2183
2014-12-26 04:57:34.642 Component engine\veex.dll version 3.58.3.2183
2014-12-26 04:57:34.642 Component engine\savi.dll version 8.1.5.2183
2014-12-26 04:57:34.642 Component rkdisk.dll version 1.5.30.0
2014-12-26 04:57:34.642 Version info: Product version 2.5.4
2014-12-26 04:57:34.646 Version info: Detection engine 3.58.3
2014-12-26 04:57:34.646 Version info: Detection data 5.08G
2014-12-26 04:57:34.646 Version info: Build date 11/11/2014
2014-12-26 04:57:34.646 Version info: Data files added 462
2014-12-26 04:57:34.646 Version info: Last successful update 26/12/2014 12:57:08 PM
2014-12-26 05:28:54.352 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\ProgramData\Mini - Adblocker\Mini - Adblocker.exe
2014-12-26 05:29:04.191 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\ProgramData\Yellow AdBlocker\Yellow AdBlocker.exe
2014-12-26 05:29:19.927 Could not open C:\hiberfil.sys
2014-12-26 05:29:22.879 Could not open C:\pagefile.sys
2014-12-26 05:39:52.734 Could not open C:\swapfile.sys
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{1111202a-877d-11e4-bf35-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{5f049283-8b68-11e4-bf3b-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{5f049415-8b68-11e4-bf3b-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{8f92e0eb-8685-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{d24e16df-7be7-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{eb1dc7ca-8167-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:40:00.575 Could not open C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Current Session
2014-12-26 05:40:00.575 Could not open C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2014-12-26 05:40:00.595 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2014-12-26 05:40:00.619 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2014-12-26 05:40:05.299 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2014-12-26 05:40:05.319 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2014-12-26 05:40:05.519 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2014-12-26 05:40:05.763 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2014-12-26 05:48:19.270 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-12-26 05:48:19.270 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-12-26 05:48:21.631 Could not open C:\Windows\System32\config\BBI
2014-12-26 05:48:21.679 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-12-26 05:48:21.683 Could not open C:\Windows\System32\config\RegBack\SAM
2014-12-26 05:48:21.683 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-12-26 05:48:21.687 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-12-26 05:48:21.691 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-12-26 06:20:04.899 The following items will be cleaned up:
2014-12-26 06:20:04.899 Mal/Generic-S
HitmanPro log
HitmanPro 3.7.9.232
www.hitmanpro.com
Computer name . . . . : PEANUT
Windows . . . . . . . : 6.2.0.9200.X64/4
User name . . . . . . : PEANUT\KengLing
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-12-26 15:07:17
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 6
Objects scanned . . . : 1,893,297
Files scanned . . . . : 33,228
Remnants scanned . . : 339,687 files / 1,520,382 keys
Suspicious files ____________________________________________________________
C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST.exe
Size . . . . . . . : 1,113,600 bytes
Age . . . . . . . : 7.1 days (2014-12-19 13:31:16)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 8A341EF12F091C2AC10665BEC4EB8D9DD372F07BD8D12B424D4C6EE2A221BEF4
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2,121,216 bytes
Age . . . . . . . : 7.1 days (2014-12-19 13:31:46)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 58F871144764E55A788C1B9092D2E517A271ABA9A09F53CB26BB110E90556696
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
C:\Users\KengLing\Desktop\Downloads\FRST64.exe
Size . . . . . . . : 2,122,240 bytes
Age . . . . . . . : 5.6 days (2014-12-21 00:08:58)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 2D4FA9C49A85A245AFBC7702A10CB87DC18C10539E53A12A78FAA55101445100
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E74410E3-653C-4036-A23D-AD16C732C448}
0.0s C:\Users\KengLing\Desktop\Downloads\FRST64.exe
2.9s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\
Cookies _____________________________________________________________________
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
Panda cloud log
Unknown. FILE: C:\PROGRAM FILES (X86)\REALTEK\REALTEK BLUETOOTH\BTDEVMGR.EXE to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\BTDevManager. Key to be deleted.
Unknown. FILE: C:\PROGRAMDATA\MICROSOFT\WINDOWS\OFFICEICON.VBS to be deleted.
Unknown. TASK: Task\[OFFICE2010ACT]. Task to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
. REGKEY: HKCR\SNT.SNT.2.1. Key to be deleted.
. REGKEY: HKCR\SNT.SNT. Key to be deleted.
. REGKEY: HKCR\SNT.SNT.2.1. Key to be deleted.
. REGKEY: HKCR\SNT.SNT. Key to be deleted.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by KengLing (administrator) on PEANUT on 26-12-2014 15:42:01
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [892664 2012-12-18] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-30] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-04] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-02-04] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-07] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{317D32CC-4697-4026-961E-D223C0272349}: [NameServer]
Tcpip\..\Interfaces\{E64DD415-98C6-408C-A60E-B95D12826413}: [NameServer]
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KengLing\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Page Eraser) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-19]
CHR Extension: (SnapPea Photos) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Bookmark Manager) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (School Bus Parking 3D) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmafmjnkhlldllbeggkpfnhfhdcbfade [2014-12-19]
CHR Extension: (New Tab Redirect Plus!) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (AudioSauna) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (FlashControl) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [44032 2012-12-06] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-08-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-04] (Lenovo)
S2 DptfParticipantProcessorService; %SystemRoot%\system32\DptfParticipantProcessorService.exe [X]
S2 DptfPolicyConfigTDPService; %SystemRoot%\system32\DptfPolicyConfigTDPService.exe [X]
S2 DptfPolicyLpmService; %SystemRoot%\system32\DptfPolicyLpmService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 br3gmdm; C:\Windows\system32\DRIVERS\br3gmdm.sys [122880 2009-09-23] (BandRich Inc.) [File not signed]
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-23] (Emsisoft GmbH)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-02-04] (Lenovo)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1579232 2013-01-04] (Realtek Semiconductor Corporation )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-26 15:28 - 2014-12-26 15:28 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-26 15:21 - 2014-12-26 15:21 - 00001249 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-12-26 15:21 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2014-12-26 15:20 - 2014-12-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-26 15:06 - 2014-12-26 15:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-26 12:56 - 2014-12-26 12:56 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 12:55 - 2014-12-26 12:55 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-24 00:54 - 2014-12-24 00:54 - 00000754 _____ () C:\Users\KengLing\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\EEK
2014-12-23 00:24 - 2014-12-23 00:24 - 00027890 _____ () C:\Users\KengLing\Desktop\MyEsetScan.txt
2014-12-21 00:10 - 2014-12-21 00:10 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-21 00:10 - 2014-12-21 00:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 21:49 - 2014-12-19 21:49 - 00000739 _____ () C:\Users\KengLing\Desktop\JRT.txt
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-19 21:37 - 2014-12-19 21:41 - 00000000 ____D () C:\AdwCleaner
2014-12-19 21:34 - 2014-12-26 15:39 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 21:34 - 2014-12-26 12:52 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 21:34 - 2014-12-19 21:34 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 21:34 - 2014-12-19 21:34 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 21:34 - 2014-12-19 21:34 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 21:34 - 2014-12-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 21:01 - 2014-12-19 21:01 - 00001544 _____ () C:\windows\comsetup.log
2014-12-19 20:51 - 2014-12-19 20:51 - 00001231 _____ () C:\Users\KengLing\Desktop\Revo Uninstaller.lnk
2014-12-19 20:51 - 2014-12-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagwrn.xml
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagerr.xml
2014-12-19 13:32 - 2014-12-26 15:42 - 00000000 ____D () C:\FRST
2014-12-18 15:53 - 2014-10-09 12:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-18 15:53 - 2014-10-09 12:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-18 15:53 - 2014-10-09 12:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-18 15:21 - 2014-10-11 15:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-18 15:21 - 2014-10-11 13:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-18 15:21 - 2014-10-09 11:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-18 15:21 - 2014-09-22 13:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-18 15:21 - 2014-09-22 11:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-18 15:20 - 2014-11-06 14:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 15:20 - 2014-11-06 13:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 15:19 - 2014-11-21 15:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 15:19 - 2014-11-21 15:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 15:18 - 2014-11-21 16:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 15:18 - 2014-11-21 16:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 15:18 - 2014-11-21 15:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 14:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 12:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-11-27 22:52 - 2014-11-19 15:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-27 22:52 - 2014-11-19 15:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-26 15:42 - 2013-02-04 15:21 - 00000000 ____D () C:\ProgramData\Realtek
2014-12-26 15:38 - 2013-03-11 18:49 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-336608445-27866453-704810108-1001
2014-12-26 15:02 - 2013-11-01 01:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 15:00 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-26 13:12 - 2013-02-04 15:17 - 01749686 _____ () C:\windows\WindowsUpdate.log
2014-12-26 12:52 - 2013-11-28 20:33 - 00000000 ___RD () C:\Users\KengLing\Dropbox
2014-12-26 12:52 - 2013-11-28 20:31 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Dropbox
2014-12-26 12:52 - 2013-03-11 18:41 - 00044608 _____ () C:\Users\KengLing\AppData\Local\BTServer.log
2014-12-25 22:52 - 2013-03-11 19:12 - 17170618 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-25 22:35 - 2013-02-04 16:11 - 00444878 _____ () C:\windows\system32\prfh0804.dat
2014-12-25 22:35 - 2013-02-04 16:11 - 00140712 _____ () C:\windows\system32\prfc0804.dat
2014-12-25 22:35 - 2012-07-26 15:28 - 01403652 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-24 20:28 - 2012-07-26 15:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 20:28 - 2012-07-26 13:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-24 00:46 - 2012-10-10 07:08 - 00203236 _____ () C:\windows\PFRO.log
2014-12-24 00:45 - 2013-03-11 18:41 - 00000000 ____D () C:\Users\KengLing
2014-12-24 00:33 - 2014-04-21 19:16 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\CloudMedia
2014-12-24 00:09 - 2014-09-26 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 21:34 - 2013-03-11 18:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 21:34 - 2013-03-11 18:47 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Deployment
2014-12-19 21:23 - 2014-01-30 15:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 21:19 - 2012-07-26 16:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-19 21:17 - 2012-07-26 15:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-19 21:08 - 2012-07-26 15:21 - 00498868 _____ () C:\windows\setupact.log
2014-12-19 21:08 - 2012-07-26 13:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-19 21:07 - 2012-07-26 16:13 - 00003611 _____ () C:\windows\DtcInstall.log
2014-12-19 21:01 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\Registration
2014-12-19 20:57 - 2013-02-04 15:19 - 00174841 _____ () C:\windows\system32\CoInst.log
2014-12-19 20:56 - 2014-09-24 23:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-19 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-19 20:46 - 2014-01-31 17:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 20:46 - 2014-01-31 17:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-19 13:33 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-19 13:30 - 2013-11-28 20:33 - 00000999 _____ () C:\Users\KengLing\Desktop\Dropbox.lnk
2014-12-19 13:30 - 2013-11-28 20:32 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 16:04 - 2012-07-26 16:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2013-11-01 01:35 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 15:21 - 2014-10-25 18:06 - 00000004 _____ () C:\Users\KengLing\AppData\Roaming\appdataFr2.bin
2014-12-13 02:23 - 2013-07-27 19:34 - 00000000 ____D () C:\Users\KengLing\Desktop\MEMORY STORAGE
2014-12-13 02:14 - 2013-11-28 12:10 - 00000000 ____D () C:\Users\KengLing\Desktop\32 GB MICRO SD
2014-12-10 20:03 - 2013-11-01 01:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:02 - 2014-09-10 02:07 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\KengLing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkalr2t.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-18 15:48
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-26 15:43:09
Running from C:\Users\KengLing\Desktop\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.203 - Huawei Technologies Co.,Ltd)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{82CB9E8F-F4B6-4E17-9D1B-33BF238A5A70}) (Version: 15.0.1681 - Microsoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
13-12-2014 03:16:17 Scheduled Checkpoint
18-12-2014 15:48:22 Windows Update
19-12-2014 21:13:46 Restore Point Created by FRST
24-12-2014 20:31:55 Windows Update
26-12-2014 12:54:55 Installed Sophos Virus Removal Tool.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 13:26 - 2014-01-31 17:25 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {07D138E3-3B00-47A3-BB9F-EE706F70C6FC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {21442F9B-17E5-4A5F-8CEA-BEA1AA9BABF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {91D61CAE-E8B1-4F3B-BA1D-916E87B11A71} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A4AEF13D-A804-4DE5-A824-6390D326F3DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {AA39E06D-5C0D-46DF-A0C5-0FB24862C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C37D08A7-6787-4BB3-BA94-686BE6EE3BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-02-04 15:21 - 2012-12-06 07:13 - 00044032 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-08 22:38 - 2012-06-28 10:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyLpmDll.dll
2013-02-04 15:19 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-08-27 12:29 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-10-08 22:38 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-08 22:38 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-08 22:38 - 2010-07-23 12:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-08 22:38 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-08 22:38 - 2012-06-28 10:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-08 22:38 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-02-04 15:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-26 12:52 - 2014-12-26 12:52 - 00043008 _____ () c:\users\kengling\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkalr2t.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
========================= Accounts: ==========================
Administrator (S-1-5-21-336608445-27866453-704810108-500 - Administrator - Disabled)
Guest (S-1-5-21-336608445-27866453-704810108-501 - Limited - Disabled)
KengLing (S-1-5-21-336608445-27866453-704810108-1001 - Administrator - Enabled) => C:\Users\KengLing
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/26/2014 03:41:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (12/26/2014 03:37:50 PM) (Source: ESENT) (EventID: 474) (User: )
Description: SettingSyncHost (3280) {3D2B825E-669D-4FF0-BAC6-F4369D7A9483}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page SettingSyncHost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 02:57:45 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (752) {5A1E1B1F-3B11-4D9F-8FEB-91DD41482751}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 02:53:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1616) {09C59216-BAD4-4E83-8B61-4881DAF2B690}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 02:53:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1616) {8CF999A7-F88F-4BA1-8B98-43D954079683}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 01:18:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (4280) {0B97E45A-0029-432C-9AA7-2D3267BAB4AC}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 01:18:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (4580) {9C773A58-77B3-47F6-9C0C-5EECB787D8BE}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 01:18:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5880) {37292A23-89EC-4AF0-8F99-049D0E5EC3F7}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (12/26/2014 01:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (12/26/2014 00:55:11 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1492) {F9D504A3-6776-485B-8796-3DEF6CDC3802}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
System errors:
=============
Error: (12/26/2014 03:21:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys
Error: (12/24/2014 08:32:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc190010a: English ESD Bundle Parent.
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error:
%%2
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Config TDP Service Application service failed to start due to the following error:
%%2
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application service failed to start due to the following error:
%%2
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
Error: (10/16/2013 06:32:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39619 seconds with 4440 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel® Core i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3975.27 MB
Available physical RAM: 2288.02 MB
Total Pagefile: 5575.27 MB
Available Pagefile: 3688.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:100.96 GB) (Free:6.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B236BD6)
Partition: GPT Partition Type.
==================== End Of Log ============================