Getting Strange Popups in my google chrome browser [Solved]


22 replies to this topic

#16 ONewbieO

    Authentic Member
  • 148 posts

Posted 26 December 2014 - 01:46 AM

Sophos log

 

2014-12-26 04:56:05.666 Sophos Virus Removal Tool version 2.5.4
2014-12-26 04:56:05.666 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-12-26 04:56:05.666 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-12-26 04:56:05.666 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2014-12-26 04:56:05.666 Checking for updates...
2014-12-26 04:56:05.697 Update progress: proxy server not available
2014-12-26 04:56:31.554 Option all = no
2014-12-26 04:56:31.554 Option recurse = yes
2014-12-26 04:56:31.554 Option archive = no
2014-12-26 04:56:31.554 Option service = yes
2014-12-26 04:56:31.554 Option confirm = yes
2014-12-26 04:56:31.554 Option sxl = yes
2014-12-26 04:56:31.554 Option max-data-age = 35
2014-12-26 04:56:31.554 Option EnableSafeClean = yes
2014-12-26 04:56:33.208 Option vdl-logging = yes
2014-12-26 04:56:33.228 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-26 04:56:33.228 Machine ID: 8bb39bd88ed44ae6bc6c507ea7e45008
2014-12-26 04:56:33.232 Component SVRTcli.exe version 2.5.4
2014-12-26 04:56:33.232 Component control.dll version 2.5.4
2014-12-26 04:56:33.232 Component SVRTservice.exe version 2.5.4
2014-12-26 04:56:33.232 Component engine\osdp.dll version 1.44.1.2183
2014-12-26 04:56:33.232 Component engine\veex.dll version 3.58.3.2183
2014-12-26 04:56:33.232 Component engine\savi.dll version 8.1.5.2183
2014-12-26 04:56:33.232 Component rkdisk.dll version 1.5.30.0
2014-12-26 04:56:33.236 Version info: Product version 2.5.4
2014-12-26 04:56:33.236 Version info: Detection engine 3.58.3
2014-12-26 04:56:33.236 Version info: Detection data 5.08
2014-12-26 04:56:33.236 Version info: Build date 11/11/2014
2014-12-26 04:56:33.236 Version info: Data files added 462
2014-12-26 04:56:33.236 Version info: Last successful update (not yet updated)
2014-12-26 04:56:34.373 Downloading updates...
2014-12-26 04:56:34.388 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE509 LATEST 
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE510 LATEST 
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE511 LATEST 
2014-12-26 04:56:34.388 Update progress: [I49502] Found supplement IDE512 LATEST 
2014-12-26 04:56:34.388 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-12-26 04:56:34.388 Update progress: [I19463] Syncing product SAVIW32 48
2014-12-26 04:56:41.360 Update progress: [I19463] Syncing product IDE509 177
2014-12-26 04:56:45.643 Installing updates...
2014-12-26 04:56:46.686 Error level 1
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE510 179
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE511 109
2014-12-26 04:56:46.734 Update progress: [I19463] Syncing product IDE512 1
2014-12-26 04:57:08.947 Update successful
2014-12-26 04:57:33.982 Option all = no
2014-12-26 04:57:33.982 Option recurse = yes
2014-12-26 04:57:33.982 Option archive = no
2014-12-26 04:57:33.982 Option service = yes
2014-12-26 04:57:33.982 Option confirm = yes
2014-12-26 04:57:33.982 Option sxl = yes
2014-12-26 04:57:33.986 Option max-data-age = 35
2014-12-26 04:57:33.986 Option EnableSafeClean = yes
2014-12-26 04:57:34.618 Option vdl-logging = yes
2014-12-26 04:57:34.638 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-26 04:57:34.638 Machine ID: 8bb39bd88ed44ae6bc6c507ea7e45008
2014-12-26 04:57:34.638 Component SVRTcli.exe version 2.5.4
2014-12-26 04:57:34.638 Component control.dll version 2.5.4
2014-12-26 04:57:34.642 Component SVRTservice.exe version 2.5.4
2014-12-26 04:57:34.642 Component engine\osdp.dll version 1.44.1.2183
2014-12-26 04:57:34.642 Component engine\veex.dll version 3.58.3.2183
2014-12-26 04:57:34.642 Component engine\savi.dll version 8.1.5.2183
2014-12-26 04:57:34.642 Component rkdisk.dll version 1.5.30.0
2014-12-26 04:57:34.642 Version info: Product version 2.5.4
2014-12-26 04:57:34.646 Version info: Detection engine 3.58.3
2014-12-26 04:57:34.646 Version info: Detection data 5.08G
2014-12-26 04:57:34.646 Version info: Build date 11/11/2014
2014-12-26 04:57:34.646 Version info: Data files added 462
2014-12-26 04:57:34.646 Version info: Last successful update 26/12/2014 12:57:08 PM
 
2014-12-26 05:28:54.352 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\ProgramData\Mini - Adblocker\Mini - Adblocker.exe
2014-12-26 05:29:04.191 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\ProgramData\Yellow AdBlocker\Yellow AdBlocker.exe
2014-12-26 05:29:19.927 Could not open C:\hiberfil.sys
2014-12-26 05:29:22.879 Could not open C:\pagefile.sys
2014-12-26 05:39:52.734 Could not open C:\swapfile.sys
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{1111202a-877d-11e4-bf35-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.858 Could not open C:\System Volume Information\{5f049283-8b68-11e4-bf3b-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{5f049415-8b68-11e4-bf3b-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{8f92e0eb-8685-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{d24e16df-7be7-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:39:52.862 Could not open C:\System Volume Information\{eb1dc7ca-8167-11e4-bf31-2cd05a10fb35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-26 05:40:00.575 Could not open C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Current Session
2014-12-26 05:40:00.575 Could not open C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2014-12-26 05:40:00.595 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2014-12-26 05:40:00.619 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2014-12-26 05:40:05.299 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2014-12-26 05:40:05.319 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2014-12-26 05:40:05.519 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2014-12-26 05:40:05.763 Could not check C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2014-12-26 05:48:19.270 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-12-26 05:48:19.270 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-12-26 05:48:21.631 Could not open C:\Windows\System32\config\BBI
2014-12-26 05:48:21.679 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-12-26 05:48:21.683 Could not open C:\Windows\System32\config\RegBack\SAM
2014-12-26 05:48:21.683 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-12-26 05:48:21.687 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-12-26 05:48:21.691 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-12-26 06:20:04.899 The following items will be cleaned up:
2014-12-26 06:20:04.899 Mal/Generic-S
 
HitmanPro log
 
HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : PEANUT
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : PEANUT\KengLing
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-12-26 15:07:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 6
 
   Objects scanned . . . : 1,893,297
   Files scanned . . . . : 33,228
   Remnants scanned  . . : 339,687 files / 1,520,382 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1,113,600 bytes
      Age  . . . . . . . : 7.1 days (2014-12-19 13:31:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8A341EF12F091C2AC10665BEC4EB8D9DD372F07BD8D12B424D4C6EE2A221BEF4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,121,216 bytes
      Age  . . . . . . . : 7.1 days (2014-12-19 13:31:46)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 58F871144764E55A788C1B9092D2E517A271ABA9A09F53CB26BB110E90556696
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\FRST64.exe
 
   C:\Users\KengLing\Desktop\Downloads\FRST64.exe
      Size . . . . . . . : 2,122,240 bytes
      Age  . . . . . . . : 5.6 days (2014-12-21 00:08:58)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 2D4FA9C49A85A245AFBC7702A10CB87DC18C10539E53A12A78FAA55101445100
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E74410E3-653C-4036-A23D-AD16C732C448}
          0.0s C:\Users\KengLing\Desktop\Downloads\FRST64.exe
          2.9s C:\Users\KengLing\Desktop\Downloads\FRST-OlderVersion\
 
 
Cookies _____________________________________________________________________
 
   C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
 
 
 
Panda cloud log

 

Unknown. FILE: C:\PROGRAM FILES (X86)\REALTEK\REALTEK BLUETOOTH\BTDEVMGR.EXE to be deleted.
 
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\BTDevManager. Key to be deleted.
 
Unknown. FILE: C:\PROGRAMDATA\MICROSOFT\WINDOWS\OFFICEICON.VBS to be deleted.
 
Unknown. TASK: Task\[OFFICE2010ACT]. Task to be deleted.
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
. REGKEY: HKCR\SNT.SNT.2.1. Key to be deleted.
 
. REGKEY: HKCR\SNT.SNT. Key to be deleted.
 
. REGKEY: HKCR\SNT.SNT.2.1. Key to be deleted.
 
. REGKEY: HKCR\SNT.SNT. Key to be deleted.
 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by KengLing (administrator) on PEANUT on 26-12-2014 15:42:01
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [892664 2012-12-18] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-30] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-04] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-02-04] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-07] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{317D32CC-4697-4026-961E-D223C0272349}: [NameServer]  
Tcpip\..\Interfaces\{E64DD415-98C6-408C-A60E-B95D12826413}: [NameServer]  
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KengLing\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Page Eraser) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-19]
CHR Extension: (SnapPea Photos) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Bookmark Manager) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (School Bus Parking 3D) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmafmjnkhlldllbeggkpfnhfhdcbfade [2014-12-19]
CHR Extension: (New Tab Redirect Plus!) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (AudioSauna) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (FlashControl) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [44032 2012-12-06] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-08-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-04] (Lenovo)
S2 DptfParticipantProcessorService; %SystemRoot%\system32\DptfParticipantProcessorService.exe [X]
S2 DptfPolicyConfigTDPService; %SystemRoot%\system32\DptfPolicyConfigTDPService.exe [X]
S2 DptfPolicyLpmService; %SystemRoot%\system32\DptfPolicyLpmService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 br3gmdm; C:\Windows\system32\DRIVERS\br3gmdm.sys [122880 2009-09-23] (BandRich Inc.) [File not signed]
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-23] (Emsisoft GmbH)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-02-04] (Lenovo)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1579232 2013-01-04] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-26 15:28 - 2014-12-26 15:28 - 00000000 ____D () C:\Program Files\HitmanPro
2014-12-26 15:21 - 2014-12-26 15:21 - 00001249 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-12-26 15:21 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2014-12-26 15:20 - 2014-12-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-26 15:20 - 2014-12-26 15:20 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-26 15:06 - 2014-12-26 15:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-26 12:56 - 2014-12-26 12:56 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-26 12:55 - 2014-12-26 12:55 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-26 12:55 - 2014-12-26 12:55 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-24 00:54 - 2014-12-24 00:54 - 00000754 _____ () C:\Users\KengLing\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\EEK
2014-12-23 00:24 - 2014-12-23 00:24 - 00027890 _____ () C:\Users\KengLing\Desktop\MyEsetScan.txt
2014-12-21 00:10 - 2014-12-21 00:10 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-21 00:10 - 2014-12-21 00:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 21:49 - 2014-12-19 21:49 - 00000739 _____ () C:\Users\KengLing\Desktop\JRT.txt
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-19 21:37 - 2014-12-19 21:41 - 00000000 ____D () C:\AdwCleaner
2014-12-19 21:34 - 2014-12-26 15:39 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 21:34 - 2014-12-26 12:52 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 21:34 - 2014-12-19 21:34 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 21:34 - 2014-12-19 21:34 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 21:34 - 2014-12-19 21:34 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 21:34 - 2014-12-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 21:01 - 2014-12-19 21:01 - 00001544 _____ () C:\windows\comsetup.log
2014-12-19 20:51 - 2014-12-19 20:51 - 00001231 _____ () C:\Users\KengLing\Desktop\Revo Uninstaller.lnk
2014-12-19 20:51 - 2014-12-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagwrn.xml
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagerr.xml
2014-12-19 13:32 - 2014-12-26 15:42 - 00000000 ____D () C:\FRST
2014-12-18 15:53 - 2014-10-09 12:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-18 15:53 - 2014-10-09 12:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-18 15:53 - 2014-10-09 12:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-18 15:21 - 2014-10-11 15:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-18 15:21 - 2014-10-11 13:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-18 15:21 - 2014-10-09 11:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-18 15:21 - 2014-09-22 13:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-18 15:21 - 2014-09-22 11:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-18 15:20 - 2014-11-06 14:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 15:20 - 2014-11-06 13:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 15:19 - 2014-11-21 15:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 15:19 - 2014-11-21 15:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 15:18 - 2014-11-21 16:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 15:18 - 2014-11-21 16:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 15:18 - 2014-11-21 15:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 14:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 12:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-11-27 22:52 - 2014-11-19 15:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-27 22:52 - 2014-11-19 15:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-26 15:42 - 2013-02-04 15:21 - 00000000 ____D () C:\ProgramData\Realtek
2014-12-26 15:38 - 2013-03-11 18:49 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-336608445-27866453-704810108-1001
2014-12-26 15:02 - 2013-11-01 01:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 15:00 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-26 13:12 - 2013-02-04 15:17 - 01749686 _____ () C:\windows\WindowsUpdate.log
2014-12-26 12:52 - 2013-11-28 20:33 - 00000000 ___RD () C:\Users\KengLing\Dropbox
2014-12-26 12:52 - 2013-11-28 20:31 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Dropbox
2014-12-26 12:52 - 2013-03-11 18:41 - 00044608 _____ () C:\Users\KengLing\AppData\Local\BTServer.log
2014-12-25 22:52 - 2013-03-11 19:12 - 17170618 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-25 22:35 - 2013-02-04 16:11 - 00444878 _____ () C:\windows\system32\prfh0804.dat
2014-12-25 22:35 - 2013-02-04 16:11 - 00140712 _____ () C:\windows\system32\prfc0804.dat
2014-12-25 22:35 - 2012-07-26 15:28 - 01403652 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-24 20:28 - 2012-07-26 15:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 20:28 - 2012-07-26 13:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-24 00:46 - 2012-10-10 07:08 - 00203236 _____ () C:\windows\PFRO.log
2014-12-24 00:45 - 2013-03-11 18:41 - 00000000 ____D () C:\Users\KengLing
2014-12-24 00:33 - 2014-04-21 19:16 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\CloudMedia
2014-12-24 00:09 - 2014-09-26 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 21:34 - 2013-03-11 18:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 21:34 - 2013-03-11 18:47 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Deployment
2014-12-19 21:23 - 2014-01-30 15:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 21:19 - 2012-07-26 16:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-19 21:17 - 2012-07-26 15:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-19 21:08 - 2012-07-26 15:21 - 00498868 _____ () C:\windows\setupact.log
2014-12-19 21:08 - 2012-07-26 13:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-19 21:07 - 2012-07-26 16:13 - 00003611 _____ () C:\windows\DtcInstall.log
2014-12-19 21:01 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\Registration
2014-12-19 20:57 - 2013-02-04 15:19 - 00174841 _____ () C:\windows\system32\CoInst.log
2014-12-19 20:56 - 2014-09-24 23:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-19 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-19 20:46 - 2014-01-31 17:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 20:46 - 2014-01-31 17:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-19 13:33 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-19 13:30 - 2013-11-28 20:33 - 00000999 _____ () C:\Users\KengLing\Desktop\Dropbox.lnk
2014-12-19 13:30 - 2013-11-28 20:32 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 16:04 - 2012-07-26 16:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2013-11-01 01:35 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 15:21 - 2014-10-25 18:06 - 00000004 _____ () C:\Users\KengLing\AppData\Roaming\appdataFr2.bin
2014-12-13 02:23 - 2013-07-27 19:34 - 00000000 ____D () C:\Users\KengLing\Desktop\MEMORY STORAGE
2014-12-13 02:14 - 2013-11-28 12:10 - 00000000 ____D () C:\Users\KengLing\Desktop\32 GB MICRO SD
2014-12-10 20:03 - 2013-11-01 01:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:02 - 2014-09-10 02:07 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\KengLing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkalr2t.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-18 15:48
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-26 15:43:09
Running from C:\Users\KengLing\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.203 - Huawei Technologies Co.,Ltd)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{82CB9E8F-F4B6-4E17-9D1B-33BF238A5A70}) (Version: 15.0.1681 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-12-2014 03:16:17 Scheduled Checkpoint
18-12-2014 15:48:22 Windows Update
19-12-2014 21:13:46 Restore Point Created by FRST
24-12-2014 20:31:55 Windows Update
26-12-2014 12:54:55 Installed Sophos Virus Removal Tool.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2014-01-31 17:25 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07D138E3-3B00-47A3-BB9F-EE706F70C6FC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {21442F9B-17E5-4A5F-8CEA-BEA1AA9BABF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {91D61CAE-E8B1-4F3B-BA1D-916E87B11A71} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A4AEF13D-A804-4DE5-A824-6390D326F3DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {AA39E06D-5C0D-46DF-A0C5-0FB24862C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C37D08A7-6787-4BB3-BA94-686BE6EE3BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-04 15:21 - 2012-12-06 07:13 - 00044032 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-08 22:38 - 2012-06-28 10:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyLpmDll.dll
2013-02-04 15:19 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-08-27 12:29 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-10-08 22:38 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-08 22:38 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-08 22:38 - 2010-07-23 12:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-08 22:38 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-08 22:38 - 2012-06-28 10:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-08 22:38 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-02-04 15:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-26 12:52 - 2014-12-26 12:52 - 00043008 _____ () c:\users\kengling\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkalr2t.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-336608445-27866453-704810108-500 - Administrator - Disabled)
Guest (S-1-5-21-336608445-27866453-704810108-501 - Limited - Disabled)
KengLing (S-1-5-21-336608445-27866453-704810108-1001 - Administrator - Enabled) => C:\Users\KengLing
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/26/2014 03:41:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (12/26/2014 03:37:50 PM) (Source: ESENT) (EventID: 474) (User: )
Description: SettingSyncHost (3280) {3D2B825E-669D-4FF0-BAC6-F4369D7A9483}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page SettingSyncHost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 02:57:45 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (752) {5A1E1B1F-3B11-4D9F-8FEB-91DD41482751}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 02:53:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1616) {09C59216-BAD4-4E83-8B61-4881DAF2B690}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 02:53:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1616) {8CF999A7-F88F-4BA1-8B98-43D954079683}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 01:18:30 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (4280) {0B97E45A-0029-432C-9AA7-2D3267BAB4AC}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 01:18:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (4580) {9C773A58-77B3-47F6-9C0C-5EECB787D8BE}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 01:18:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5880) {37292A23-89EC-4AF0-8F99-049D0E5EC3F7}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/26/2014 01:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (12/26/2014 00:55:11 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (1492) {F9D504A3-6776-485B-8796-3DEF6CDC3802}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (12/26/2014 03:21:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys
 
Error: (12/24/2014 08:32:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc190010a: English ESD Bundle Parent.
 
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Config TDP Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 08:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/16/2013 06:32:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39619 seconds with 4440 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3975.27 MB
Available physical RAM: 2288.02 MB
Total Pagefile: 5575.27 MB
Available Pagefile: 3688.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:100.96 GB) (Free:6.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B236BD6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================



#17 ONewbieO

    Authentic Member

  • 148 posts

Posted 26 December 2014 - 01:47 AM

Merry Xmas too sir btw



#18 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 27 December 2014 - 05:54 AM

Hello, 
 
Those logs are all clean. 
The Sophos log only flagged items already removed. 
 
--------
 
Do you recognise this programme? 微软拼音简捷 2012 流行词汇更新
If not, please uninstall. 
 
We need to completely remove Google Chrome, and reinstall afterwards. 
This will remove everything associated with Chrome. 
 
Revo Uninstaller

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Google Chrome
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
  • Download and install Google Chrome.

Let me know how you get on.


Would you like to help others with malware removal? Join our Classroom and learn how!


#19 ONewbieO

    Authentic Member

  • 148 posts

Posted 28 December 2014 - 06:45 PM

Machine is running much more smoothly now . Thanks for the help !



#20 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 29 December 2014 - 06:48 AM

Hello, 
 
Please update the following vulnerable software.

Machine is running much more smoothly now .

Excellent.
With this in mind - 
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.

 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing. :)
Adam




#21 ONewbieO

    Authentic Member

  • 148 posts

Posted 30 December 2014 - 10:29 AM

Everything is in order now . Many thanks for your kind attention towards this poor machine :) 



#22 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 30 December 2014 - 01:42 PM

You're quite welcome.

I will mark this topic as solved.

All the best,

Adam




#23 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 30 December 2014 - 01:42 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
