
Adsmatte & Vidolog Adware Virus [Closed]

adsmatte vidolog adware rootkit

5 replies to this topic

#1 teslasdream


Posted 04 July 2015 - 02:51 AM

I am posting this here because my adware virus is aggressively blocking me from accessing the Virus/Malware forum thread. Can a moderator please move it to the appropriate thread? Thank you...

---------------------------------------------------

Hello, I am pasting the logs from the aswMBR and FRST (+ addition) scans below. This adware virus is attacking my PC, flat-out preventing me from opening many webpages and redirecting me on most others... The redirect URL says either adsmatte or vidolog. Adsmatte usually takes me then to some site called totaladperformance. Vidolog turns out to be some chat roulette site. It is especially good at preventing me from going to anti-malware sites (had to do some fast clicking to even pull up a New Post page here on WhatTheTech before it redirected me away).

From what I have been reading online, this virus is quite new (popping up only in May '15) and seems to be associated with routers/modems, going from there into PCs or smartphones. I have also read that it may be employing a rootkit to hide from most anti-malware programs (nearly every such program simply cannot find this virus). One victim of the virus reported that his ISP was redirected to somewhere in the Eastern Bloc of Europe. I am currently at a hostel in India, which is where it attacked me, and I cannot get information about the router here.

Any help is appreciated so much... please let me know if you need any other information.


aswMBR log:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software

Run date: 2015-07-03 13:41:38

-----------------------------

13:41:38.685    OS Version: Windows x64 6.2.9200 

13:41:38.685    Number of processors: 2 586 0x3A09

13:41:38.685    ComputerName: GLENSTORM  UserName: Joshua

13:42:08.695    Initialize success

13:42:09.351    VM: initialized successfully

13:42:09.351    VM: Intel CPU BiosDisabled 

13:42:53.837    AVAST engine defs: 15070203

13:44:48.799    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d

13:44:48.802    Disk 0 Vendor: WDC_WD5000LPVT-24G33T1 02.01A02 Size: 476940MB BusType: 11

13:44:49.306    Disk 0 MBR read successfully

13:44:49.308    Disk 0 MBR scan

13:44:49.314    Disk 0 unknown MBR code

13:44:49.322    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1

13:44:49.899    Disk 0 scanning C:\WINDOWS\system32\drivers

13:45:56.946    Service scanning

13:47:27.158    Modules scanning

13:47:27.160    Disk 0 trace - called modules:

13:47:27.205    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 

13:47:27.209    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000d829060]

13:47:27.209    3 CLASSPNP.SYS[fffff80050e39170] -> nt!IofCallDriver -> \Device\0000002d[0xffffe0000b7dd7f0]

13:47:28.987    AVAST engine scan C:\WINDOWS

13:49:23.013    AVAST engine scan C:\WINDOWS\system32

14:01:44.715    AVAST engine scan C:\WINDOWS\system32\drivers

14:02:46.564    AVAST engine scan C:\Users\Joshua

15:23:51.305    AVAST engine scan C:\ProgramData

15:27:04.196    Disk 0 statistics 5214710/0/0 @ 0.54 MB/s

15:27:04.258    Scan finished successfully

15:30:22.540    Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"

15:30:22.549    The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"

Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01

Ran by Joshua (administrator) on GLENSTORM on 03-07-2015 12:47:16

Running from C:\Users\Joshua\Desktop\Downloads

Loaded Profiles: Joshua &  (Available Profiles: Joshua)

Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\mspaint.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

() C:\Program Files\ComicRack\ComicRack.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(AVAST Software) C:\Users\Joshua\Desktop\aswMBR.exe


==================== Registry (Whitelisted) ==================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-09-19] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-09-19] (Lenovo(beijing) Limited)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5213136 2015-06-12] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-05-07] ()

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [Facebook Update] => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-01] (Facebook Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [Google Update] => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {1d1004af-c7c6-11e4-bee5-201a062391fc} - "F:\VZW_Software_upgrade_assistant.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {1d101048-c7c6-11e4-bee5-201a062391fc} - "G:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {4b731c05-57a5-11e4-beb9-0cd292658951} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {4b731c4d-57a5-11e4-beb9-0cd292658951} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {4dbf3482-3806-11e4-beae-201a062391fc} - "F:\LaunchU3.exe" -a

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {7fe94e64-5513-11e4-beb7-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {7fe94ec1-5513-11e4-beb7-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df87d4-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df8cd2-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df8d24-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df8f04-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df9596-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {82df95e0-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {c19c3a1d-f3d0-11e4-bef2-201a062391fc} - "G:\autorun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MountPoints2: {c19c3a3e-f3d0-11e4-bef2-201a062391fc} - "H:\autorun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-01] (Facebook Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => "C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1d1004af-c7c6-11e4-bee5-201a062391fc} - "F:\VZW_Software_upgrade_assistant.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1d101048-c7c6-11e4-bee5-201a062391fc} - "G:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b731c05-57a5-11e4-beb9-0cd292658951} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b731c4d-57a5-11e4-beb9-0cd292658951} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4dbf3482-3806-11e4-beae-201a062391fc} - "F:\LaunchU3.exe" -a

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7fe94e64-5513-11e4-beb7-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7fe94ec1-5513-11e4-beb7-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df87d4-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df8cd2-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df8d24-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df8f04-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df9596-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {82df95e0-55d8-11e4-beb8-201a062391fc} - "F:\AutoRun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c19c3a1d-f3d0-11e4-bef2-201a062391fc} - "G:\autorun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c19c3a3e-f3d0-11e4-bef2-201a062391fc} - "H:\autorun.exe" 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKU\S-1-5-21-3058307074-1405035609-990451598-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

SearchScopes: HKLM -> DefaultScope {EBFE69AC-C85B-4D20-A232-052AC46BC45C} URL = 

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001 -> DefaultScope {EBFE69AC-C85B-4D20-A232-052AC46BC45C} URL = 

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-03-0410:19:31&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {EBFE69AC-C85B-4D20-A232-052AC46BC45C} URL = 

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 

SearchScopes: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-03-0410:19:31&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-07] (AVG)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-19] (Oracle Corporation)

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-07] (AVG)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-19] (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 5.152.219.50 5.152.219.51

Tcpip\..\Interfaces\{E6787295-D122-4027-B030-4A8CCC770496}: [DhcpNameServer] 5.152.219.50 5.152.219.51

StartMenuInternet: IEXPLORE.EXE - iexplore.exe


FireFox:

========

FF ProfilePath: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\03zdmp0o.default

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: https://mysearch.avg...10:19:31&sap=hp

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll [2014-06-26] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-26] ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-19] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-19] (Oracle Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Joshua\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: @talk.google.com/O1DPlugin -> C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Joshua\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File

FF Plugin ProgramFiles/Appdata: C:\Users\Joshua\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Joshua\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF SearchPlugin: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\03zdmp0o.default\searchplugins\avg-secure-search.xml [2015-05-07]

FF SearchPlugin: C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\03zdmp0o.default\searchplugins\Search Provided by Yahoo.xml [2015-06-23]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-07]

FF Extension: AVG Web TuneUp - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\03zdmp0o.default\Extensions\avg@toolbar [2015-05-07]

FF HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

StartMenuInternet: FIREFOX.EXE - firefox.exe


Chrome: 

=======

CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]

CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]

CHR Extension: (Google Search) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]

CHR Extension: (Google Wallet) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]

CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]

StartMenuInternet: Google Chrome - chrome.exe


==================== Services (Whitelisted) =================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3257808 2015-06-12] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300408 2015-06-12] (AVG Technologies CZ, s.r.o.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)

R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-19] ()

R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-09-19] ()

R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-04] (AVG Secure Search)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-07] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-19] (Intel® Corporation)


==================== Drivers (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-24] (Motorola Solutions, Inc.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-23] (Disc Soft Ltd)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-03] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)

S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]

S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]

S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]

S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]

S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]

U3 aswMBR; \??\C:\Users\Joshua\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Joshua\AppData\Local\Temp\aswVmm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-03 12:46 - 2015-07-03 12:47 - 00000000 ____D C:\FRST

2015-07-03 12:38 - 2015-07-03 12:39 - 05198336 _____ (AVAST Software) C:\Users\Joshua\Desktop\aswMBR.exe

2015-07-02 21:50 - 2015-07-03 12:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-07-02 21:49 - 2015-07-02 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-02 21:49 - 2015-07-02 21:49 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-07-02 21:49 - 2015-07-02 21:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-02 21:49 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-07-02 21:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-07-02 21:49 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-06-29 12:06 - 2015-07-01 16:01 - 00001355 _____ C:\Users\Joshua\Desktop\esl game.txt

2015-06-26 10:41 - 2015-06-26 10:41 - 00000000 ____D C:\Program Files\Common Files\AV

2015-06-25 18:27 - 2015-06-25 18:27 - 00000000 ____D C:\Users\Joshua\AppData\Local\PackageStaging

2015-06-25 16:36 - 2015-06-25 16:36 - 00000462 _____ C:\Users\Joshua\Desktop\‪‎.lnk

2015-06-23 20:37 - 2015-06-23 20:37 - 00000000 ____D C:\Users\Joshua\AppData\Local\Disc_Soft_Ltd

2015-06-23 18:49 - 2015-07-03 12:49 - 00000352 _____ C:\WINDOWS\Tasks\Chromium.job

2015-06-23 18:49 - 2015-06-23 18:49 - 00002690 _____ C:\WINDOWS\System32\Tasks\Chromium

2015-06-23 18:48 - 2015-06-23 18:48 - 00000000 ____D C:\Users\Joshua\AppData\Local\Chromium

2015-06-23 18:47 - 2015-06-23 18:47 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\PowerISO

2015-06-23 18:41 - 2015-06-23 18:41 - 00000000 ____D C:\Program Files (x86)\Disc Soft

2015-06-23 18:40 - 2015-06-23 19:14 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys

2015-06-23 18:40 - 2015-06-23 18:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite

2015-06-23 18:40 - 2015-06-23 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

2015-06-23 18:39 - 2015-06-23 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO

2015-06-23 18:39 - 2015-06-23 18:39 - 00000000 ____D C:\Program Files\PowerISO

2015-06-23 18:39 - 2015-06-08 05:59 - 00127760 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys

2015-06-23 18:11 - 2015-06-23 18:19 - 00000000 ____D C:\ProgramData\FLEXnet

2015-06-21 16:32 - 2015-06-21 16:32 - 00000000 ____D C:\Users\Joshua\AppData\Local\GWX

2015-06-16 08:13 - 2015-06-16 08:14 - 00000166 _____ C:\Users\Joshua\AppData\Roaming\PLGComp.ini

2015-06-15 20:50 - 2015-05-22 16:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-06-15 20:50 - 2015-05-21 16:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-06-15 20:50 - 2015-04-17 01:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-06-14 18:08 - 2015-04-09 01:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml

2015-06-14 18:08 - 2015-03-20 06:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2015-06-14 18:08 - 2015-03-20 06:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2015-06-14 18:08 - 2015-03-20 05:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2015-06-14 18:08 - 2015-03-20 05:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-06-14 18:08 - 2015-03-02 04:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll

2015-06-14 18:08 - 2015-03-02 04:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll

2015-06-12 23:51 - 2015-05-25 16:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll

2015-06-12 23:51 - 2015-05-25 16:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2015-06-12 23:51 - 2015-04-16 09:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2015-06-12 23:51 - 2015-04-14 01:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll

2015-06-12 23:51 - 2015-04-14 01:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll

2015-06-12 23:51 - 2015-04-10 03:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-06-12 23:51 - 2015-04-10 03:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-06-12 23:51 - 2015-04-09 01:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll

2015-06-12 23:51 - 2015-04-02 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-06-12 23:51 - 2015-04-02 01:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-06-12 23:51 - 2015-04-01 07:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2015-06-12 23:51 - 2015-04-01 07:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2015-06-12 23:51 - 2015-04-01 07:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll

2015-06-12 23:51 - 2015-04-01 07:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2015-06-12 23:51 - 2015-04-01 06:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2015-06-12 23:51 - 2015-04-01 06:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2015-06-12 23:51 - 2015-04-01 06:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2015-06-12 23:51 - 2015-04-01 05:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

2015-06-12 23:51 - 2015-04-01 05:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2015-06-12 23:51 - 2015-04-01 05:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2015-06-12 23:51 - 2015-04-01 05:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2015-06-12 23:51 - 2015-04-01 05:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2015-06-12 23:51 - 2015-04-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2015-06-11 07:11 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-06-11 07:11 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-06-11 07:11 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-06-11 07:11 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-06-11 07:11 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-06-11 07:11 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-06-11 07:11 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2015-06-11 07:11 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-06-11 07:11 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-06-11 07:11 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-06-11 07:11 - 2015-05-23 05:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-06-11 07:11 - 2015-05-23 05:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-06-11 07:11 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-06-11 07:11 - 2015-05-23 05:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-06-11 07:11 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-06-11 07:11 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-06-11 07:11 - 2015-05-23 05:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2015-06-11 07:11 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-06-11 07:11 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-06-11 07:11 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-06-11 07:11 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-06-11 07:11 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-06-11 07:11 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-06-11 07:11 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-06-11 07:11 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2015-06-11 07:11 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-06-11 07:11 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-06-11 07:11 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-06-11 07:11 - 2015-05-22 21:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-06-11 07:11 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-06-11 07:11 - 2015-05-22 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-06-11 07:11 - 2015-05-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-06-11 07:11 - 2015-05-22 21:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-06-11 07:11 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-06-11 07:11 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-06-11 07:11 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-06-11 07:11 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-06-11 07:11 - 2015-05-22 20:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-06-11 07:11 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-06-11 07:11 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-06-10 08:08 - 2015-04-25 05:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll

2015-06-10 08:08 - 2015-04-25 05:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

2015-06-10 08:05 - 2015-05-21 19:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-06-04 21:44 - 2015-06-04 21:44 - 00000000 ____D C:\Users\Public\Documents\CrashDump

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-03 12:44 - 2014-03-16 05:46 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3058307074-1405035609-990451598-1001

2015-07-03 12:39 - 2014-03-16 06:11 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\uTorrent

2015-07-03 12:33 - 2014-03-16 05:47 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-03 12:12 - 2014-05-03 22:34 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA.job

2015-07-03 12:00 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-07-03 11:58 - 2014-03-17 09:06 - 01719265 _____ C:\WINDOWS\WindowsUpdate.log

2015-07-03 08:51 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-07-03 08:22 - 2014-03-17 18:25 - 00000000 ___RD C:\Users\Joshua\Desktop\‪

2015-07-03 07:22 - 2014-05-01 16:17 - 00000952 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA.job

2015-07-03 07:03 - 2014-03-17 11:48 - 00000000 ___DO C:\Users\Joshua\SkyDrive

2015-07-03 06:59 - 2014-03-16 05:47 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-03 06:57 - 2013-11-14 10:17 - 00036496 _____ C:\WINDOWS\PFRO.log

2015-07-03 06:57 - 2013-08-22 17:46 - 00344400 _____ C:\WINDOWS\setupact.log

2015-07-03 06:57 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-07-03 06:56 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-07-03 06:55 - 2013-09-19 03:04 - 00020992 _____ C:\WINDOWS\system32\VfService.trf

2015-07-03 06:52 - 2014-03-23 14:37 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68CA8B5D-0C80-4B78-B1D0-CB1B66CD5422}

2015-07-02 21:38 - 2014-04-09 12:09 - 00000000 ____D C:\ProgramData\MFAData

2015-07-02 21:38 - 2014-03-17 08:50 - 00000000 ____D C:\Users\Joshua

2015-07-02 08:44 - 2014-08-17 01:02 - 00000000 ____D C:\Users\Joshua\AppData\Local\Adobe

2015-06-29 23:18 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-06-29 11:58 - 2014-12-12 15:28 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\vlc

2015-06-28 17:12 - 2014-05-03 22:34 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core.job

2015-06-28 16:22 - 2014-05-01 16:17 - 00000930 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core.job

2015-06-26 20:54 - 2014-12-27 18:04 - 00000000 ___RD C:\Users\Joshua\Desktop\‫‫

2015-06-26 20:27 - 2013-11-14 10:24 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-06-26 10:40 - 2014-04-09 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-06-26 10:39 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2015-06-25 21:35 - 2014-12-17 13:00 - 00000000 ___RD C:\Users\Joshua\Desktop\‎‍

2015-06-25 21:28 - 2014-12-27 17:59 - 00000000 ___RD C:\Users\Joshua\Desktop\‏‌

2015-06-25 20:56 - 2014-03-28 09:00 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\CDisplayEx

2015-06-25 18:27 - 2014-03-16 05:28 - 00000000 ____D C:\Users\Joshua\AppData\Local\Packages

2015-06-23 20:03 - 2015-05-07 11:34 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\DAEMON Tools Lite

2015-06-23 18:54 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-06-23 18:39 - 2014-03-20 23:09 - 00002699 _____ C:\Users\Joshua\Desktop\.lnk

2015-06-20 06:02 - 2015-05-14 17:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-06-20 06:02 - 2015-05-14 17:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-06-19 00:06 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache

2015-06-16 08:23 - 2015-05-29 17:45 - 00000000 ____D C:\Temp

2015-06-16 08:13 - 2014-03-16 05:28 - 00000000 ____D C:\Users\Joshua\AppData\Local\VirtualStore

2015-06-15 20:58 - 2013-08-22 17:44 - 00492880 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-06-15 20:53 - 2015-04-19 09:18 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-06-15 20:53 - 2015-03-14 10:52 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2015-06-15 20:53 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData

2015-06-15 20:53 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2015-06-15 20:51 - 2014-03-16 04:21 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-06-15 20:38 - 2014-03-16 04:21 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-06-10 19:19 - 2014-03-16 05:26 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-05 15:47 - 2014-11-24 18:22 - 00000000 ____D C:\Users\Joshua\AppData\Local\Deployment

 

==================== Files in the root of some directories =======

 

2015-06-16 08:13 - 2015-06-16 08:14 - 0000166 _____ () C:\Users\Joshua\AppData\Roaming\PLGComp.ini

2014-09-09 14:51 - 2014-09-09 14:51 - 0000218 _____ () C:\Users\Joshua\AppData\Local\recently-used.xbel

2014-08-30 21:31 - 2014-08-30 21:31 - 0007605 _____ () C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg

2013-09-19 02:39 - 2013-09-19 02:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

C:\Users\Joshua\AppData\Local\Temp\DAEMON Tools Lite.exe

C:\Users\Joshua\AppData\Local\Temp\DseShExt-x64.dll

C:\Users\Joshua\AppData\Local\Temp\DseShExt-x86.dll

C:\Users\Joshua\AppData\Local\Temp\SDShelEx-win32.dll

C:\Users\Joshua\AppData\Local\Temp\SDShelEx-x64.dll

C:\Users\Joshua\AppData\Local\Temp\_is2A3F.exe

C:\Users\Joshua\AppData\Local\Temp\_is2E49.exe

C:\Users\Joshua\AppData\Local\Temp\_is7886.exe

C:\Users\Joshua\AppData\Local\Temp\_unps.exe

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-06-13 16:02

 

==================== End of log ============================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01

Ran by Joshua at 2015-07-03 12:52:11

Running from C:\Users\Joshua\Desktop\Downloads

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3058307074-1405035609-990451598-500 - Administrator - Disabled)

Guest (S-1-5-21-3058307074-1405035609-990451598-501 - Limited - Disabled)

Joshua (S-1-5-21-3058307074-1405035609-990451598-1001 - Administrator - Enabled) => C:\Users\Joshua

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4813 - AVG Technologies)

AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4813 - AVG Technologies) Hidden

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CDisplayEx 1.10.11 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)

ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)

Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)

Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden

ePub Reader for Windows version 5.2 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.2 - HANSoft, Inc.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Free PDF to Text Converter (HKLM-x32\...\{273AAEA4-277D-475B-A908-B92F38043BAB}}_is1) (Version:  - Free PDF Solutions)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)

Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)

Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)

Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MyFreeCodec (HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\MyFreeCodec) (Version:  - )

MyFreeCodec (HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)

PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)

Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.2.0 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)

UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3058307074-1405035609-990451598-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

 

==================== Restore Points =========================

 

09-06-2015 22:32:14 Windows Update

13-06-2015 12:37:55 Windows Update

23-06-2015 16:06:16 Windows Update

03-07-2015 06:53:01 Removed Rosetta Stone TOTALe

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {06E71AC4-35F4-4292-90DB-DA539378E4FD} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

Task: {0CE3A93F-F554-4900-9EC3-AAFDC88DD46B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-01] (Facebook Inc.)

Task: {10268992-97EF-4332-B38C-9B442F1708E4} - System32\Tasks\STIDIA - VPN Shield => C:\Program Files (x86)\STIDIA S.A.\VPN Shield\Stidia.VpnShield.exe

Task: {12638713-D9C5-48FC-B41B-6787A4E7F9B3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-04] (Synaptics Incorporated)

Task: {13E31F18-7D97-4A60-96BA-E36B14A58E1A} - System32\Tasks\{FD859D05-6294-421F-9B96-6B3D08821FC0} => Chrome.exe http://ui.skype.com/...;page=tsInstall

Task: {27BDCCB1-9115-4B8C-89A5-DB400041B378} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3058307074-1405035609-990451598-1001

Task: {3AD72D59-16CF-4DDF-B2C3-9E424D3BAB78} - System32\Tasks\Chromium => C:\Users\Joshua\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE

Task: {42F15EEB-358A-402E-8080-54937041A7CF} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-16] ()

Task: {4A2E75AE-D437-40E0-AACA-27BBCE47E3CC} - System32\Tasks\{303E7E54-D9C0-486C-A56F-39D486E1BA18} => Chrome.exe http://ui.skype.com/...;page=tsInstall

Task: {5CCF4957-B887-4BFA-93D1-8B020A4B87A7} - System32\Tasks\Google Updater and Installer => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)

Task: {5F161EB1-801D-46D6-BCE7-77B0133EC560} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-16] (Lenovo)

Task: {7A8EE45C-31FF-4AB9-B5D5-14B542CDFF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)

Task: {7BDA05A1-8377-4491-85C0-C20924E131A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7C597C84-827B-46BF-A036-C240DE05CBEC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-15] (Microsoft Corporation)

Task: {7F36B8A4-4078-46A7-B336-5FB7CBC39179} - System32\Tasks\{A20A1557-6E6B-4DBE-8AD4-46DA80E7E7CF} => Chrome.exe http://ui.skype.com/...;page=tsInstall

Task: {88F084E3-2C4B-4B34-9577-48B231E25279} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)

Task: {8D526176-FB35-4E2B-8539-4CA8484AB08B} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)

Task: {8EAB761F-755A-4A54-B027-1C6DE700121C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)

Task: {98B4E1CA-DF9A-4E77-B4BC-B743103F4EAD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-16] (Lenovo)

Task: {AFED6929-218C-45E2-BFA3-ED9D3BB59213} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)

Task: {BB2E8D91-B30B-4263-AA04-3B1EEB42FA06} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-01] (Facebook Inc.)

Task: {C5BD72C7-A359-47F5-941A-6B40FC5433FB} - System32\Tasks\{7A324210-08F7-4706-9493-262FFA04A307} => pcalua.exe -a "C:\Users\Joshua\Desktop\Downloads\mullvad-46 (2).exe" -d C:\Users\Joshua\Desktop\Downloads

Task: {DDA6CF86-EFB9-425F-90B1-CFA1B4017D33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)

Task: {FB6711A5-42F3-47EC-9EC4-A864722F6C7D} - System32\Tasks\{69EE6ADA-0606-4C21-A980-3358CA4B96AA} => Chrome.exe http://ui.skype.com/...;page=tsInstall

Task: {FE62F6DE-56D5-42B6-96B8-FD5202ABE8AB} - System32\Tasks\{E0ACB4E2-DA4D-43F7-83D2-37FC127AEB23} => Chrome.exe http://www.skype.com...LastError=12002

Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\Joshua\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core.job => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA.job => C:\Users\Joshua\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001Core.job => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3058307074-1405035609-990451598-1001UA.job => C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-03-04 10:19 - 2015-05-07 12:23 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

2013-09-19 03:04 - 2013-09-19 03:04 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

2013-09-19 03:04 - 2013-09-19 03:04 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll

2015-03-04 10:19 - 2015-03-04 10:19 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe

2015-03-04 10:19 - 2015-05-07 12:23 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

2014-08-29 14:14 - 2014-08-29 14:14 - 02584576 _____ () C:\Program Files\ComicRack\ComicRack.exe

2015-05-15 00:26 - 2015-05-15 00:26 - 05413376 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ComicRack\961587a3ae05db35b64a985211565339\ComicRack.ni.exe

2015-05-15 00:27 - 2015-05-15 00:27 - 00264704 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ComicRack.Plugins\30738f0429a773f0727553ae90c779d4\ComicRack.Plugins.ni.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-04 10:19 - 2015-03-04 10:19 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll

2015-03-04 10:19 - 2015-05-07 12:23 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll

2015-06-22 09:35 - 2015-06-20 08:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll

2015-06-22 09:35 - 2015-06-20 08:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

2013-09-19 02:35 - 2012-07-18 16:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2015-06-22 09:35 - 2015-06-20 08:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

2014-03-16 07:07 - 2014-02-13 03:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2015-03-04 10:19 - 2015-03-04 10:19 - 01794584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.4.0\avgtbr.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

AlternateDataStreams: C:\Users\Joshua\SkyDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg

DNS Servers: 5.152.219.50 - 5.152.219.51

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"

HKLM\...\StartupApproved\Run: => "EnergyUtility"

HKLM\...\StartupApproved\Run: => "Energy Management"

HKLM\...\StartupApproved\Run: => "SmartAudio"

HKLM\...\StartupApproved\Run32: => "YouCam Tray"

HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "mcui_exe"

HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "boinctray"

HKLM\...\StartupApproved\Run32: => "DivXMediaServer"

HKLM\...\StartupApproved\Run32: => "DivXUpdate"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "boincmgr"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "Facebook Update"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "ooVoo.exe"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "KiesPreload"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001\...\StartupApproved\Run: => "KiesPDLR"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7AF03CD55FBE5121416D410588C61404"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "boincmgr"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Facebook Update"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "ooVoo.exe"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "KiesPreload"

HKU\S-1-5-21-3058307074-1405035609-990451598-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "KiesPDLR"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{95673B80-EBF4-482D-94BC-00285783A8A7}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{3195028A-96AD-47AC-8924-D5C5C1F8C746}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{A9A02BFD-DC95-440D-BD20-8DE106885A01}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{166A4F35-CFAB-48F5-83E7-1CB0B786A960}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{74095C62-4875-4F49-B204-A6CCC1294336}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{8B1C589B-C372-4EEC-80BA-43BF050089FF}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{D4BF9B97-5BFF-4844-B8DA-4E7629CE6263}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A3DA10B2-997D-49BC-8778-A8E21A96983A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AF3F0743-1401-4F73-8E90-01FD5FE06591}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{7AAFAF66-CAB1-421B-9AE9-AD182A3B5248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{D1529590-AE7D-44D7-B56D-35FCDD448E9A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{FE11C3CC-B8F0-4D0E-9D78-2A31854DD519}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{A6C552BD-21D8-44B3-9D5E-60AE74FAAC82}] => (Allow) C:\Users\Joshua\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [TCP Query User{9CDAB7A6-147C-454D-A170-3EEB3DE8DCDD}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe

FirewallRules: [UDP Query User{915AB918-B6B1-4329-BEC8-6EA5CE1ED238}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe

FirewallRules: [TCP Query User{A45CCD88-6D95-4172-A430-F55B6CAAF354}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe

FirewallRules: [UDP Query User{30D3EA5D-2A6C-49F8-BD92-D4A5DF817B2B}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe

FirewallRules: [{77C07AA0-71AF-4FA0-9A7F-07E956078D1F}] => (Block) C:\program files\comicrack\comicrack.exe

FirewallRules: [{8EDEF48C-91AA-47AA-91C7-4DE08B3DA211}] => (Block) C:\program files\comicrack\comicrack.exe

FirewallRules: [{4D19A3B0-ED21-4BB5-8511-B8286BF0686F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{BC70A57C-AFAF-4079-8503-7DB5C758AEF9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{FDA6FF12-9D90-420A-9062-D7E0F4B3287B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{F485FD6A-1418-462E-805D-7BD13C93624E}] => (Allow) C:\Users\Joshua\AppData\Local\Chromium\Application\chrome.exe

FirewallRules: [{19826DEF-973A-40CF-98ED-FCABB3909459}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{E227DD25-2340-4B95-95A0-CCA20FA64D06}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/03/2015 11:57:22 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 8c4

 

Start Time: 01d0b56d34314f55

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: 81ceaa1e-2161-11e5-bf03-201a062391fc

 

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

 

Faulting package-relative application ID: App

 

Error: (07/03/2015 08:32:15 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 16f8

 

Start Time: 01d0b5503487dbd4

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: daca3160-2144-11e5-bf03-201a062391fc

 

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

 

Faulting package-relative application ID: App

 

Error: (07/03/2015 07:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1028

 

Start Time: 01d0b54ad8de62fb

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: 25ae1888-213f-11e5-bf03-201a062391fc

 

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

 

Faulting package-relative application ID: App

 

Error: (07/03/2015 07:17:52 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 14c4

 

Start Time: 01d0b5467638186b

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 69bd6450-213a-11e5-bf03-201a062391fc

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (07/03/2015 07:17:30 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 14c8

 

Start Time: 01d0b5467638186b

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\syswow64\wwahost.exe

 

Report Id: 6a1686d9-213a-11e5-bf03-201a062391fc

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (07/03/2015 07:03:42 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: e40

 

Start Time: 01d0b5447b077015

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 7116d010-2138-11e5-bf03-201a062391fc

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (07/03/2015 06:55:26 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 480

 

Start Time: 01d0b542b6bc559f

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: aa70a1a7-2136-11e5-bf02-201a062391fc

 

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

 

Faulting package-relative application ID: App

 

Error: (07/03/2015 06:50:41 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1490

 

Start Time: 01d0b542b88af87e

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\syswow64\wwahost.exe

 

Report Id: aa75665e-2136-11e5-bf02-201a062391fc

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (07/02/2015 10:58:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 10a0

 

Start Time: 01d0b500c3d4fac6

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\syswow64\wwahost.exe

 

Report Id: b8a840b5-20f4-11e5-bf02-201a062391fc

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (07/02/2015 10:43:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1304

 

Start Time: 01d0b4feab65f1bc

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\syswow64\wwahost.exe

 

Report Id: a0ce0a8a-20f2-11e5-bf02-201a062391fc

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

 

System errors:

=============

Error: (07/02/2015 09:38:31 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:32:03 PM on 7/2/2015 was unexpected.

 

Error: (06/30/2015 08:35:09 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MAVI-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6787295-D122-4027-B030-4A8CCC770496}.

The master browser is stopping or an election is being forced.

 

Error: (06/29/2015 00:01:51 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR10.

 

Error: (06/28/2015 01:51:12 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR6.

 

Error: (06/26/2015 08:29:11 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

 

Error: (06/26/2015 07:32:30 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

 

Error: (06/25/2015 06:30:03 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

 

Error: (06/25/2015 05:30:54 PM) (Source: DCOM) (EventID: 10010) (User: GLENSTORM)

Description: App.AppXc6wj2nr565nyrzgw5hzkkc3z70t2abym.mca

 

Error: (06/23/2015 06:11:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The RosettaStoneDaemon service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (06/23/2015 09:45:24 AM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR13.

 

 

Microsoft Office:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2015-05-29 18:43:50.950

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-05-29 18:43:46.762

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-05-29 18:43:44.595

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-05-29 18:43:42.437

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz

Percentage of memory in use: 77%

Total physical RAM: 3993.77 MB

Available physical RAM: 905.32 MB

Total Pagefile: 5194.61 MB

Available Pagefile: 1161.78 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:425 GB) (Free:232.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 610E6F87)

 

Partition: GPT Partition Type.

 

==================== End of log ============================




#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 July 2015 - 10:36 AM

:welcome:

 

You're using uTorrent, not a good idea. Not all, but a good percentage of files and programs downloaded via the torrents are infected. Look at your Additions log under the Firewall rules; it's allowing uTorrent to move in and out of your system freely, and whatever is bundled with that uTorrent download will have access to your system as well. I would go to Programs and Features in the Control Panel and uninstall it.

 

 

 
AdwCleaner by Xplode

Click on this link to download ADWCleaner to your Desktop.
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Use my link only; do not do a search for AdwCleaner, as there is a bogus copy going around by scammers.

Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware to your desktop. <---------
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    MBAM2010601022_zpsyvzbaddn.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Settings Tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 teslasdream

    teslasdream

      New Member

    • New Member
    • Pip
    • 2 posts

    Posted 05 July 2015 - 09:11 PM

    Okay, I ran AdwCleaner as suggested and used it to clean whatever it found. I also ran a Malwarebytes scan and removed two PUPs. Also ran JRT, but it found no problems.

     

    I am actually traveling in India at the moment, and the virus happened at the worst possible time, when I am only a day away from needing to book a few things on my computer. Aa! So, hoping for a faster fix, I decided to just go for the good old  "Remove everything and reinstall Windows" option... which I did this morning. I've booted up the "new" Windows OS and reinstalled Chrome, tested it, and I am not being redirected anywhere so far.

    However, I'm not sure if the virus established a rootkit deep in my drive or if it buried itself as far as the recovery data. So I just booted up the "new" Windows OS, downloaded GMER and I'm now pasting the log from the scan below. I really want to make sure this thing is gone, so I am happy to run any other programs you advise, just let me know what you want.

     

    ==============================================================
     

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-07-06 08:32:14
    Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000033 WDC_WD5000LPVT-24G33T1 rev.02.01A02 465.76GB
    Running: 28w4wmlv.exe; Driver: C:\Users\Joshua\AppData\Local\Temp\kwtoipog.sys

    ---- Kernel code sections - GMER 2.1 ----

    .text    C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 988                                                                                                   fffff800bbec941c 1 byte [31]

    ---- User code sections - GMER 2.1 ----

    .text    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                   000007ffabe8177a 4 bytes [E8, AB, FF, 07]
    .text    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                   000007ffabe81782 4 bytes [E8, AB, FF, 07]

    ---- Threads - GMER 2.1 ----

    Thread   C:\WINDOWS\system32\csrss.exe [628:644]                                                                                                          fffff960009995e8
    ---- Processes - GMER 2.1 ----

    Library  C:\Program Files (x86)\Google\Update\1.3.26.9\goopdate.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4404]   0000000074900000
    Library  C:\Program Files (x86)\Google\Update\1.3.26.9\psmachine.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4404]  0000000073b00000

    ---- Disk sectors - GMER 2.1 ----

    Disk     \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

    ---- EOF - GMER 2.1 ----

    ===============================================================================

     

     



    #4 teslasdream

    teslasdream

      New Member

    • New Member
    • Pip
    • 2 posts

    Posted 05 July 2015 - 10:04 PM

    Also ran MBRCheck and got this... apparently there is an unknown MBR code, but I don't know if it's a factory setting from Lenovo. In any case, MBRCheck can't fix it because it doesn't offer solutions for Windows 8. I ran aswMBR also, and tried to fix the MBR, but it said there was a "fix error". Pasting that log also.

    ========================================================
     

    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:   
    Windows Version:  
    Windows Information:   (build 9200), 64-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer:  LENOVO
    System Manufacturer:  LENOVO
    System Product Name:  20236
    Logical Drives Mask:  0x0000001c

    Kernel Drivers (total 173):
      0xBBE75000 \SystemRoot\system32\ntoskrnl.exe
      0xBBE09000 \SystemRoot\system32\hal.dll
      0xBB3D7000 \SystemRoot\system32\kd.dll
      0x00C33000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
      0x00C92000 \SystemRoot\System32\drivers\CLFS.SYS
      0x00CEE000 \SystemRoot\System32\drivers\tm.sys
      0x00D11000 \SystemRoot\system32\PSHED.dll
      0x00D26000 \SystemRoot\system32\BOOTVID.dll
      0x00D30000 \SystemRoot\system32\CI.dll
      0x010A8000 \SystemRoot\System32\drivers\msrpc.sys
      0x0110B000 \SystemRoot\system32\drivers\Wdf01000.sys
      0x011CD000 \SystemRoot\system32\drivers\WDFLDR.SYS
      0x011DD000 \SystemRoot\System32\Drivers\acpiex.sys
      0x011F4000 \SystemRoot\System32\Drivers\WppRecorder.sys
      0x01000000 \SystemRoot\System32\drivers\ACPI.sys
      0x0106D000 \SystemRoot\System32\drivers\WMILIB.SYS
      0x00E93000 \SystemRoot\System32\Drivers\cng.sys
      0x00F38000 \SystemRoot\System32\drivers\msisadrv.sys
      0x00F42000 \SystemRoot\System32\drivers\pci.sys
      0x00F7F000 \SystemRoot\System32\drivers\vdrvroot.sys
      0x00F8C000 \SystemRoot\system32\drivers\pdc.sys
      0x00FA3000 \SystemRoot\System32\drivers\partmgr.sys
      0x00E00000 \SystemRoot\System32\drivers\spaceport.sys
      0x00E49000 \SystemRoot\System32\drivers\volmgr.sys
      0x00A81000 \SystemRoot\System32\drivers\volmgrx.sys
      0x00AE1000 \SystemRoot\System32\drivers\mountmgr.sys
      0x0149B000 \SystemRoot\System32\drivers\iaStorA.sys
      0x01768000 \SystemRoot\System32\drivers\storport.sys
      0x017BD000 \SystemRoot\System32\drivers\EhStorClass.sys
      0x01400000 \SystemRoot\system32\drivers\fltmgr.sys
      0x01460000 \SystemRoot\System32\drivers\fileinfo.sys
      0x00AFB000 \SystemRoot\system32\drivers\mfehidk.sys
      0x01A44000 \SystemRoot\System32\Drivers\Ntfs.sys
      0x01C27000 \SystemRoot\System32\Drivers\ksecdd.sys
      0x01C42000 \SystemRoot\System32\drivers\pcw.sys
      0x01C53000 \SystemRoot\System32\Drivers\Fs_Rec.sys
      0x01C5D000 \SystemRoot\system32\drivers\ndis.sys
      0x01D56000 \SystemRoot\system32\drivers\NETIO.SYS
      0x01DC5000 \SystemRoot\System32\Drivers\ksecpkg.sys
      0x01EAC000 \SystemRoot\System32\drivers\tcpip.sys
      0x020E5000 \SystemRoot\System32\drivers\fwpkclnt.sys
      0x0214D000 \SystemRoot\system32\DRIVERS\wfplwfs.sys
      0x02168000 \SystemRoot\system32\drivers\mfewfpk.sys
      0x01E00000 \SystemRoot\System32\DRIVERS\fvevol.sys
      0x00A00000 \SystemRoot\System32\drivers\volsnap.sys
      0x021B8000 \SystemRoot\System32\drivers\rdyboost.sys
      0x01E76000 \SystemRoot\System32\Drivers\mup.sys
      0x01E8D000 \SystemRoot\System32\DRIVERS\LhdX64.sys
      0x01A00000 \SystemRoot\System32\drivers\disk.sys
      0x0223F000 \SystemRoot\System32\drivers\CLASSPNP.SYS
      0x02293000 \SystemRoot\System32\Drivers\crashdmp.sys
      0x03AE3000 \SystemRoot\System32\drivers\cdrom.sys
      0x03B14000 \SystemRoot\System32\Drivers\Null.SYS
      0x03B1D000 \SystemRoot\System32\Drivers\Beep.SYS
      0x03B25000 \SystemRoot\System32\drivers\BasicRender.sys
      0x03EFF000 \SystemRoot\System32\drivers\dxgkrnl.sys
      0x04068000 \SystemRoot\System32\drivers\watchdog.sys
      0x04079000 \SystemRoot\System32\drivers\dxgmms1.sys
      0x040C7000 \SystemRoot\System32\drivers\BasicDisplay.sys
      0x040D8000 \SystemRoot\System32\Drivers\Npfs.SYS
      0x040EA000 \SystemRoot\System32\Drivers\Msfs.SYS
      0x040F6000 \SystemRoot\system32\DRIVERS\tdx.sys
      0x04118000 \SystemRoot\system32\DRIVERS\TDI.SYS
      0x04126000 \SystemRoot\System32\DRIVERS\netbt.sys
      0x03E00000 \SystemRoot\system32\drivers\afd.sys
      0x03E92000 \SystemRoot\system32\DRIVERS\pacer.sys
      0x03EBC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
      0x03ED2000 \SystemRoot\system32\DRIVERS\netbios.sys
      0x0417E000 \SystemRoot\system32\DRIVERS\rdbss.sys
      0x03EE2000 \SystemRoot\system32\DRIVERS\wanarp.sys
      0x041F1000 \SystemRoot\system32\drivers\nsiproxy.sys
      0x03B32000 \SystemRoot\System32\drivers\npsvctrig.sys
      0x03B3E000 \SystemRoot\System32\drivers\mssmbios.sys
      0x03B4A000 \SystemRoot\System32\drivers\discache.sys
      0x03B5B000 \SystemRoot\System32\Drivers\dfsc.sys
      0x03B8E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
      0x03B9A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
      0x03BC9000 \SystemRoot\system32\DRIVERS\rassstp.sys
      0x03BE7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
      0x03B7C000 \SystemRoot\System32\drivers\CompositeBus.sys
      0x022B4000 \SystemRoot\system32\DRIVERS\kdnic.sys
      0x022BF000 \SystemRoot\System32\drivers\umbus.sys
      0x04CDE000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
      0x04C00000 \SystemRoot\System32\drivers\USBXHCI.SYS
      0x04C57000 \SystemRoot\System32\drivers\ucx01000.sys
      0x04C8F000 \SystemRoot\System32\drivers\HECIx64.sys
      0x04CA2000 \SystemRoot\System32\drivers\usbehci.sys
      0x022D1000 \SystemRoot\System32\drivers\USBPORT.SYS
      0x04CB8000 \SystemRoot\System32\drivers\HDAudBus.sys
      0x0234C000 \SystemRoot\system32\DRIVERS\L1C63x64.sys
      0x0446F000 \SystemRoot\system32\DRIVERS\NETwew00.sys
      0x047B5000 \SystemRoot\System32\drivers\vwifibus.sys
      0x047C2000 \SystemRoot\System32\drivers\i8042prt.sys
      0x0236E000 \SystemRoot\system32\DRIVERS\SynTP.sys
      0x047E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
      0x047ED000 \SystemRoot\System32\drivers\kbdclass.sys
      0x04400000 \SystemRoot\System32\drivers\mouclass.sys
      0x0440F000 \SystemRoot\System32\drivers\AcpiVpc.sys
      0x04425000 \SystemRoot\System32\drivers\CmBatt.sys
      0x0442C000 \SystemRoot\System32\drivers\BATTC.SYS
      0x04438000 \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
      0x04445000 \SystemRoot\System32\drivers\intelppm.sys
      0x02200000 \SystemRoot\system32\DRIVERS\raspptp.sys
      0x00A55000 \SystemRoot\system32\DRIVERS\tunnel.sys
      0x01A1C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
      0x02221000 \SystemRoot\system32\DRIVERS\raspppoe.sys
      0x04461000 \SystemRoot\System32\drivers\swenum.sys
      0x00BB0000 \SystemRoot\System32\drivers\ks.sys
      0x04463000 \SystemRoot\System32\drivers\rdpbus.sys
      0x00E61000 \SystemRoot\System32\drivers\AMPPAL.sys
      0x01474000 \SystemRoot\System32\Drivers\NDProxy.SYS
      0x0485D000 \SystemRoot\System32\drivers\usbhub.sys
      0x048DB000 \SystemRoot\System32\drivers\UsbHub3.sys
      0x06861000 \SystemRoot\system32\drivers\CHDRT64.sys
      0x06A0A000 \SystemRoot\system32\drivers\portcls.sys
      0x06A55000 \SystemRoot\system32\drivers\drmk.sys
      0x06A77000 \SystemRoot\system32\drivers\ksthunk.sys
      0x06A7D000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
      0x06AD5000 \SystemRoot\System32\Drivers\fastfat.SYS
      0x06B0C000 \SystemRoot\system32\drivers\mfeavfk.sys
      0x06B54000 \SystemRoot\system32\drivers\mfefirek.sys
      0x06BCF000 \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
      0x03800000 \SystemRoot\system32\DRIVERS\btmhsf.sys
      0x06BE4000 \SystemRoot\System32\Drivers\BTHUSB.sys
      0x03957000 \SystemRoot\System32\Drivers\bthport.sys
      0x06800000 \SystemRoot\System32\drivers\usbccgp.sys
      0x06C10000 \SystemRoot\system32\DRIVERS\rtsuvc.sys
      0x06823000 \SystemRoot\system32\DRIVERS\BthLEEnum.sys
      0x0494E000 \SystemRoot\System32\drivers\rfcomm.sys
      0x073EB000 \SystemRoot\System32\drivers\BthEnum.sys
      0x04979000 \SystemRoot\system32\DRIVERS\bthpan.sys
      0x0499B000 \SystemRoot\system32\DRIVERS\btmaux.sys
      0x06C00000 \SystemRoot\System32\Drivers\dump_diskdump.sys
      0x074FF000 \SystemRoot\System32\Drivers\dump_iaStorA.sys
      0x077CC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
      0x00033000 \SystemRoot\System32\win32k.sys
      0x077E0000 \SystemRoot\System32\drivers\HIDPARSE.SYS
      0x077E8000 \SystemRoot\System32\drivers\monitor.sys
      0x007D2000 \SystemRoot\System32\TSDDD.dll
      0x00994000 \SystemRoot\System32\cdd.dll
      0x07400000 \SystemRoot\system32\drivers\luafv.sys
      0x07428000 \SystemRoot\system32\DRIVERS\lltdio.sys
      0x0743C000 \SystemRoot\system32\DRIVERS\nwifi.sys
      0x074AA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
      0x074BE000 \SystemRoot\system32\DRIVERS\rspndr.sys
      0x074D6000 \SystemRoot\System32\drivers\condrv.sys
      0x18093000 \SystemRoot\system32\drivers\HTTP.sys
      0x18172000 \SystemRoot\system32\DRIVERS\bowser.sys
      0x18192000 \SystemRoot\System32\drivers\mpsdrv.sys
      0x18000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
      0x181A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      0x049C0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      0x18063000 \SystemRoot\system32\drivers\Ndu.sys
      0x184BC000 \SystemRoot\system32\drivers\peauth.sys
      0x18588000 \SystemRoot\System32\Drivers\secdrv.SYS
      0x18593000 \SystemRoot\System32\DRIVERS\srvnet.sys
      0x185D7000 \SystemRoot\System32\drivers\tcpipreg.sys
      0x185E9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
      0x18400000 \SystemRoot\System32\DRIVERS\srv2.sys
      0x18864000 \SystemRoot\System32\DRIVERS\srv.sys
      0x188F1000 \SystemRoot\system32\drivers\WudfPf.sys
      0x1890A000 \SystemRoot\System32\drivers\WUDFRd.sys
      0x18940000 \SystemRoot\System32\drivers\mshidumdf.sys
      0x18949000 \SystemRoot\System32\drivers\HIDCLASS.SYS
      0x18964000 \SystemRoot\system32\drivers\cfwids.sys
      0x189BC000 \SystemRoot\system32\drivers\mfeapfk.sys
      0x189E4000 \??\C:\Users\Joshua\AppData\Local\Temp\kwtoipog.sys
      0x18800000 \SystemRoot\system32\drivers\67438515.sys
      0x18995000 \??\C:\WINDOWS\system32\drivers\mbam.sys
      0x18843000 \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
      0x18974000 \??\C:\WINDOWS\system32\drivers\mwac.sys
      0x1899F000 \??\C:\Users\Joshua\AppData\Local\Temp\aswMBR.sys
      0x04800000 \??\C:\Users\Joshua\AppData\Local\Temp\aswVmm.sys

    Processes (total 86):
           0 System Idle Process
           4 System
         328 C:\Windows\System32\smss.exe
         564 csrss.exe
         628 csrss.exe
         636 C:\Windows\System32\wininit.exe
         664 C:\Windows\System32\winlogon.exe
         724 C:\Windows\System32\services.exe
         740 C:\Windows\System32\lsass.exe
         844 C:\Windows\System32\svchost.exe
         900 C:\Windows\System32\svchost.exe
         952 C:\Windows\System32\svchost.exe
        1000 dwm.exe
         120 C:\Windows\System32\svchost.exe
         412 C:\Windows\System32\svchost.exe
         580 C:\Windows\System32\svchost.exe
         896 C:\Windows\System32\svchost.exe
        1124 C:\Windows\System32\wlanext.exe
        1144 C:\Windows\System32\conhost.exe
        1212 C:\Windows\System32\spoolsv.exe
        1252 C:\Windows\System32\svchost.exe
        1420 C:\Windows\System32\CxAudMsg64.exe
        1448 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        1504 C:\Program Files\Intel\iCLS Client\HeciServer.exe
        1560 C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
        1592 C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
        1644 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
        1684 C:\Windows\System32\mfevtps.exe
        1836 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        1864 C:\Windows\SysWOW64\SASrv.exe
        1952 C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
        1380 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
        2568 C:\Windows\System32\svchost.exe
        2684 C:\Windows\System32\svchost.exe
        2908 C:\Windows\System32\svchost.exe
        2952 dasHost.exe
        3244 C:\Windows\System32\taskhostex.exe
        3272 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        3316 C:\Windows\explorer.exe
        3596 C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
        3672 unsecapp.exe
        3836 WmiPrvSE.exe
        4084 dllhost.exe
        3384 C:\Windows\System32\SearchIndexer.exe
        3220 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        2612 C:\Windows\System32\igfxtray.exe
        4148 C:\Windows\System32\hkcmd.exe
        4168 C:\Windows\System32\igfxpers.exe
        4188 C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
        4224 C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
        4264 C:\Windows\System32\rundll32.exe
        4276 C:\Windows\RTFTrack.exe
        4316 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
        4324 C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
        4372 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
        4384 C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
        4516 C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
        4540 C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
        4584 C:\Program Files\mcafee.com\agent\mcagent.exe
        4868 C:\Program Files\Internet Explorer\iexplore.exe
        4112 C:\Program Files (x86)\Internet Explorer\iexplore.exe
         252 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        4500 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        5332 C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
        3580 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
        5544 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
        3044 C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
        1940 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
        5740 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
        1788 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
        2944 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
        3804 C:\Program Files\Windows Media Player\wmpnetwk.exe
        8156 C:\Program Files (x86)\Internet Explorer\iexplore.exe
        5032 taskhost.exe
        3208 C:\Windows\System32\audiodg.exe
        2884 C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7H3L7B5U\RogueKiller.exe
        9184 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
        7076 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
        8256 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
        7472 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
        5124 C:\Windows\System32\taskhost.exe
        9064 C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UXS792H\aswMBR.exe
        8368 C:\Windows\System32\svchost.exe
        7916 C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRH22AMD\MBRCheck.exe
        7440 C:\Windows\System32\conhost.exe
        5216 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`95500000  (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006a`f1300000  (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000LPVT-24G33T1, Rev: 02.01A02

          Size  Device Name          MBR Status
      --------------------------------------------
        465 GB  \\.\PhysicalDrive0   Unknown MBR code
                SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

     

    ===========================================================================

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-07-06 09:27:09
    -----------------------------
    09:27:09.531    OS Version: Windows x64 6.2.9200
    09:27:09.531    Number of processors: 2 586 0x3A09
    09:27:09.531    ComputerName: TUMNUS  UserName: Joshua
    09:27:11.313    Initialize success
    09:27:11.328    VM: initialized successfully
    09:27:11.328    VM: Intel CPU BiosDisabled
    09:27:15.097    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
    09:27:15.097    Disk 0 Vendor: WDC_WD5000LPVT-24G33T1 02.01A02 Size: 476940MB BusType: 11
    09:27:15.472    Disk 0 MBR read successfully
    09:27:15.472    Disk 0 MBR scan
    09:27:15.487    Disk 0 unknown MBR code
    09:27:15.487    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
    09:27:15.534    Disk 0 scanning C:\WINDOWS\system32\drivers
    09:27:19.308    Service scanning
    09:27:40.731    Modules scanning
    09:27:40.731    Disk 0 trace - called modules:
    09:27:40.825    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
    09:27:40.825    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800499e060]
    09:27:41.356    3 CLASSPNP.SYS[fffff88002240fea] -> nt!IofCallDriver -> \Device\00000033[0xfffffa80046c7060]
    09:27:41.356    Disk 0 statistics 121486/0/0 @ 17.35 MB/s
    09:27:41.372    Scan finished successfully
    09:31:11.666    Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
    09:31:11.666    The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"

     


     



    #5 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 06 July 2015 - 04:53 AM

    You look fine; the unknown MBR is because of either the new OS or Lenovo.

     

    Why don't you redownload FRST and make sure there is a checkmark in Additions, keep everything else as per the picture, run a new scan and post both new logs?

     

    Please download Farbar Recovery Scan Tool and save it to your DESKTOP
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
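The "unknown MBR code" that MBRCheck and aswMBR reported in #4 on a GPT disk, and the "new OS or Lenovo" explanation in #5, are what this added Python example triages; it is not code from either tool or from anyone in this thread. It constructs a sample protective MBR (the boot-code bytes are placeholders, the disk ID is the one from the FRST log above), parses sector 0 and only escalates when the boot code is unrecognised and the disk is not GPT-protective; the known-good hash allowlist is a hypothetical input an analyst would fill from a clean OEM image.

```python
"""Triage an 'unknown MBR code' finding: is sector 0 a GPT protective MBR, and
is its boot code on an allowlist? Added example, not MBRCheck or aswMBR code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code
DISK_ID_OFF = 440            # bytes 440..443 hold the NT disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PROTECTIVE_GPT_TYPE = 0xEE   # partition type used by a GPT protective MBR


def build_protective_mbr(boot_code: bytes, disk_id: int) -> bytes:
    """Construct a sector 0 laid out like a GPT disk's protective MBR: one 0xEE
    entry starting at LBA 1 and spanning 0xFFFFFFFF sectors (the '2097151 MB
    offset 1' partition aswMBR printed)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
    entry = struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", PROTECTIVE_GPT_TYPE,
                        b"\xff\xff\xff", 1, 0xFFFFFFFF)
    table = entry + b"\x00" * (3 * 16)
    return code + struct.pack("<I", disk_id) + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, disk id and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start_lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype != 0:
            entries.append({"status": status, "type": ptype, "start_lba": start_lba,
                            "sectors": count,
                            "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return {
        "valid_signature": sector[510:512] == b"\x55\xaa",
        "disk_id": struct.unpack("<I", sector[DISK_ID_OFF:DISK_ID_OFF + 4])[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "entries": entries,
    }


def is_protective_gpt_mbr(parsed: dict) -> bool:
    """True when the table holds a single 0xEE entry at LBA 1, the layout a GPT
    installation writes. A UEFI boot never executes this boot code; only a
    legacy/CSM boot would, so OEM-specific code here is weak bootkit evidence."""
    e = parsed["entries"]
    return (len(e) == 1 and e[0]["type"] == PROTECTIVE_GPT_TYPE
            and e[0]["start_lba"] == 1)


def assess(parsed: dict, known_good: dict) -> str:
    """Turn the raw finding into a verdict. known_good maps SHA1 -> label and is
    a hypothetical allowlist the analyst builds from a clean recovery image."""
    if not parsed["valid_signature"]:
        return "invalid: missing 0x55AA signature, sector is not a boot sector"
    label = known_good.get(parsed["boot_code_sha1"])
    if label:
        return f"known boot code: {label}"
    if is_protective_gpt_mbr(parsed):
        return ("unrecognised boot code, but protective GPT MBR: UEFI boot ignores it; "
                "compare against the OEM recovery image before treating it as a bootkit")
    return "unrecognised boot code on a legacy MBR disk: dump sector 0 and analyse it"


if __name__ == "__main__":
    # Constructed sample: placeholder boot code, disk id 0x610E6F87 from the FRST log.
    sample = build_protective_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"OEM-PLACEHOLDER", 0x610E6F87)
    info = parse_mbr(sample)
    print(info["boot_code_sha1"], info["entries"])
    print(assess(info, {}))
```

On a live system the 512 bytes would come from a raw read of \\.\PhysicalDrive0 (or from the MBR.dat that aswMBR saved), and the allowlist from the same sector on a machine restored from the vendor's recovery media.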

    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 12 July 2015 - 03:47 AM

    Due to inactivity this topic will be closed.
    If you need help please start a new thread.

    New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic



     
     
