Hello! I believe my Lenovo G500 (Windows 8.1) was infected a week ago. I didn't think much of it at first, then it got very bad over the next few days (I used the internet normally and probably helped the infection spread deeper.) I also initially deleted a few things that were obviously off (files with 2016 date modified, etc) which I learned I maybe shouldn't have done. Anyway, I followed the steps in the pinned Malware Removal post on this forum and am at a loss as nothing has changed. So far I've used malwarebytes, farbar, superantispyware, roguekiller, tdsskiller--in both Safe and Normal mode. Initally, MBAM and SUPER showed some PuPs and dirty tracker cookies (~40) and now they run clean...yet I still have the same obnoxious redirects and adware popups on Chrome. Lastly, I share this computer with someone who has used p2p programs and I uninstalled bittorrent but I can't seem to fully remove all torrent traces from the addition.txt? I don't know if the remaining pieces are apart of the problem. Any help is greatly appreciated!! FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01Ran by CarrieM (administrator) on CARRIE on 25-02-2015 16:16:23Running from C:\Users\CarrieM\DownloadsLoaded Profiles: CarrieM & (Available profiles: CarrieM)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SASCore.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Windows\System32\prevhost.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-04] (Conexant Systems, Inc.)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Run: [GoogleChromeAutoLaunch_918A98AADA0A793786006B0BCA277B75] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-01-22] (SUPERAntiSpyware)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\MountPoints2: {01f984c1-439a-11e4-be90-208984dc6bcb} - "G:\VerizonWirelessUpgradeAssistantSetup.exe" -aHKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\MountPoints2: {01f98786-439a-11e4-be90-208984dc6bcb} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -aHKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\MountPoints2: {7c83a862-767c-11e4-be94-208984dc6bcb} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -aHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_918A98AADA0A793786006B0BCA277B75] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-01-22] (SUPERAntiSpyware)HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01f984c1-439a-11e4-be90-208984dc6bcb} - "G:\VerizonWirelessUpgradeAssistantSetup.exe" -aHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {01f98786-439a-11e4-be90-208984dc6bcb} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -aHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7c83a862-767c-11e4-be94-208984dc6bcb} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -aShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKU\S-1-5-21-3546573554-2337176860-3782567272-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.comHKU\S-1-5-21-3546573554-2337176860-3782567272-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.comHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.comSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001 -> {048E3AB8-E130-4AA8-A63F-7E43BE9D65D9} URL = SearchScopes: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001 -> {E2F68444-CE77-4FE5-AFDA-10DA752CADB8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}SearchScopes: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {048E3AB8-E130-4AA8-A63F-7E43BE9D65D9} URL = SearchScopes: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E2F68444-CE77-4FE5-AFDA-10DA752CADB8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM-x32 - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No FileDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR dev: Chrome dev build detected! <======= ATTENTIONCHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Profile: C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]CHR Extension: (Google Drive) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]CHR Extension: (YouTube) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-07-17]CHR Extension: (Adblock Plus) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-29]CHR Extension: (Google Search) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]CHR Extension: (Google Calendar) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-14]CHR Extension: (Chrome Remote Desktop) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-23]CHR Extension: (Burton Snowboards) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfadpmchcfmnidepggefbcjgelboimi [2014-01-29]CHR Extension: (Google Wallet) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]CHR Extension: (Gmail) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]CHR Profile: C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]CHR Extension: (YouTube) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]CHR Extension: (Adblock Plus) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-12]CHR Extension: (Google Search) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]CHR Extension: (AllaCheapPricae) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmdecmflljamdfkmkokmnjckdanabekb [2015-02-18]CHR Extension: (Google Wallet) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]CHR Extension: (Gmail) - C:\Users\CarrieM\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files (x86)\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe [56648 2015-02-01] (Google Inc.)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-25] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-25] ()R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 16:07 - 2015-02-25 16:16 - 00023446 _____ () C:\Users\CarrieM\Downloads\FRST.txt2015-02-25 15:57 - 2015-02-25 15:57 - 00000000 ____D () C:\Users\CarrieM\AppData\Local\Apple Inc2015-02-25 15:52 - 2015-02-23 14:38 - 00001129 _____ () C:\Users\CarrieM\Downloads\Malwarebytes Anti-Malware.lnk2015-02-25 14:13 - 2015-02-25 14:24 - 00000000 ____D () C:\Program Files (x86)\SUPERAntiSpyware2015-02-25 14:13 - 2015-02-25 14:13 - 00002042 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2015-02-25 14:13 - 2015-02-25 14:13 - 00000560 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f3e3b518-8a62-47b1-b888-f4071bf2f5b6.job2015-02-25 14:13 - 2015-02-25 14:13 - 00000560 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2052ebb2-bebd-46cd-837f-690d94b0b071.job2015-02-25 14:13 - 2015-02-25 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2015-02-25 14:09 - 2015-02-25 14:09 - 00000000 ____D () C:\Users\CarrieM\AppData\Roaming\SUPERAntiSpyware.com2015-02-25 14:02 - 2015-02-25 14:02 - 21310312 _____ (SUPERAntiSpyware) C:\Users\CarrieM\Downloads\SUPERAntiSpyware.exe2015-02-25 14:02 - 2015-02-25 14:02 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2015-02-25 14:01 - 2015-02-25 14:01 - 00050688 _____ (Atribune.org) C:\Users\CarrieM\Downloads\ATF-Cleaner.exe2015-02-25 13:44 - 2015-02-25 13:44 - 00000000 _____ () C:\Users\CarrieM\Documents\launchme.powerdvd-metro2015-02-25 13:43 - 2015-02-25 13:43 - 00000000 ____D () C:\Users\CarrieM\Documents\Lenovo2015-02-25 13:43 - 2015-02-25 13:43 - 00000000 ____D () C:\Users\CarrieM\Documents\CyberLink2015-02-25 13:43 - 2015-02-25 13:43 - 00000000 _____ () C:\PDVDIPC.d2m2015-02-25 13:08 - 2015-02-25 16:16 - 00000000 ____D () C:\FRST2015-02-25 12:59 - 2015-02-25 12:59 - 02087936 _____ (Farbar) C:\Users\CarrieM\Downloads\FRST64.exe2015-02-25 12:10 - 2015-02-25 12:10 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-02-25 12:10 - 2015-02-25 12:10 - 00000000 ____D () C:\ProgramData\RogueKiller2015-02-25 11:44 - 2015-02-25 11:44 - 15536728 _____ () C:\Users\CarrieM\Downloads\RogueKiller.exe2015-02-25 11:16 - 2015-02-25 11:16 - 00000000 ___HD () C:\$SysReset2015-02-24 13:44 - 2015-02-24 13:44 - 00000000 ____D () C:\Users\CarrieM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlacSquisher2015-02-24 13:44 - 2015-02-24 13:44 - 00000000 ____D () C:\Program Files (x86)\FlacSquisher2015-02-23 18:57 - 2015-02-25 15:28 - 00000000 ____D () C:\Users\CarrieM\Downloads\Movies2015-02-23 18:56 - 2015-02-25 15:27 - 00000000 ____D () C:\Users\CarrieM\Downloads\Snowboard Vids2015-02-23 18:54 - 2015-02-25 15:28 - 00000000 ____D () C:\Users\CarrieM\Downloads\Music- Lenovo2015-02-23 16:36 - 2015-02-23 16:36 - 00000952 _____ () C:\Users\CarrieM\Desktop\Downloads.lnk2015-02-23 16:27 - 2015-02-25 12:34 - 00000000 ____D () C:\AdwCleaner2015-02-23 16:25 - 2015-02-23 16:25 - 02126848 _____ () C:\Users\CarrieM\Downloads\AdwCleaner.exe2015-02-23 16:12 - 2015-02-23 16:12 - 00415232 _____ (Farbar) C:\Users\CarrieM\Downloads\FSS.exe2015-02-23 16:02 - 2015-02-23 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine2015-02-23 15:55 - 2015-02-23 15:56 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\CarrieM\Downloads\tdsskiller.exe2015-02-23 14:38 - 2015-02-25 16:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-23 14:38 - 2015-02-23 15:17 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-02-23 14:38 - 2015-02-23 14:38 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-23 14:38 - 2015-02-23 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-23 14:38 - 2015-02-23 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-23 14:38 - 2015-02-23 14:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-23 14:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-02-23 14:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-02-23 14:36 - 2015-02-23 14:36 - 04909382 _____ () C:\Users\CarrieM\Downloads\mbam-chameleon-3.1.7.0.zip2015-02-19 11:16 - 2015-02-19 11:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\CarrieM\Downloads\mbam-clean-2.1.1.1001.exe2015-02-19 10:16 - 2015-02-19 10:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\CarrieM\Downloads\mbam-setup-2.0.4.1028.exe2015-02-19 09:58 - 2015-02-25 09:47 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B338BD1A-528A-4CFA-BC27-BB9919AD9339}2015-02-19 09:58 - 2015-02-19 09:58 - 00000000 __SHD () C:\Users\CarrieM\AppData\Local\EmieUserList2015-02-19 09:58 - 2015-02-19 09:58 - 00000000 __SHD () C:\Users\CarrieM\AppData\Local\EmieSiteList2015-02-19 09:58 - 2015-02-19 09:58 - 00000000 __SHD () C:\Users\CarrieM\AppData\Local\EmieBrowserModeList2015-02-17 19:00 - 2015-02-25 13:07 - 00000020 _____ () C:\Users\CarrieM\AppData\Roaming\appdataFr3.bin2015-02-15 09:58 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-02-15 09:58 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-02-13 18:35 - 2015-02-25 13:41 - 00000000 ____D () C:\Users\CarrieM\Downloads\EBOOKS2015-02-11 19:52 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2015-02-11 19:52 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2015-02-11 19:52 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2015-02-11 19:52 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2015-02-11 19:52 - 2015-01-13 15:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2015-02-11 19:52 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2015-02-11 19:52 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-02-11 19:52 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-02-11 19:52 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-02-11 19:52 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-02-11 19:52 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-02-11 19:52 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-02-11 19:52 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-02-11 19:52 - 2015-01-10 02:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-02-11 19:52 - 2015-01-10 01:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-02-11 19:52 - 2015-01-10 00:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2015-02-11 19:52 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2015-02-11 19:52 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2015-02-11 19:52 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2015-02-11 19:52 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll2015-02-11 19:52 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll2015-02-11 19:52 - 2014-12-08 16:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml2015-02-11 19:52 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2015-02-11 19:52 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2015-02-11 19:52 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2015-02-11 19:52 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2015-02-11 19:52 - 2014-10-28 19:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll2015-02-11 19:52 - 2014-10-28 19:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll2015-02-11 19:52 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll2015-02-11 19:52 - 2014-10-28 18:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2015-02-11 19:52 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2015-02-11 19:52 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll2015-02-11 19:52 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe2015-02-11 19:52 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe2015-02-11 19:52 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe2015-02-11 19:51 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2015-02-11 19:51 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2015-02-11 19:51 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2015-02-11 19:51 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2015-02-11 19:51 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2015-02-11 19:51 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2015-02-11 19:51 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll2015-02-11 19:51 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-02-11 19:51 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2015-02-11 19:51 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-02-11 19:51 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2015-02-11 19:51 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-02-11 19:51 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-02-11 19:51 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-02-11 19:51 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-02-11 19:51 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-02-11 19:51 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-02-11 19:51 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-02-11 19:51 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-02-11 19:51 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-02-11 19:51 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-02-11 19:51 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2015-02-11 19:51 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-02-11 19:51 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-02-11 19:51 - 2015-01-11 18:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-02-11 19:51 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-02-11 19:51 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-02-11 19:51 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-02-11 19:51 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-02-11 19:51 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-02-11 19:51 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-02-11 19:51 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-02-11 19:51 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-02-11 19:51 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-02-11 19:51 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-02-11 19:51 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-02-09 12:07 - 2015-02-09 12:36 - 00000000 ____D () C:\Users\CarrieM\Desktop\Gopro Footy2015-01-28 10:02 - 2015-02-25 13:29 - 00000000 ____D () C:\ProgramData\{d4c5377b-e4f1-b54b-d4c5-5377be4fddef} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 16:01 - 2014-01-29 19:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3546573554-2337176860-3782567272-10012015-02-25 16:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-25 15:58 - 2014-02-04 00:17 - 01671737 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-25 15:57 - 2014-10-19 18:59 - 00000000 ___RD () C:\Users\CarrieM\iCloudDrive2015-02-25 15:57 - 2014-10-12 10:37 - 00000000 ___RD () C:\Users\CarrieM\OneDrive2015-02-25 15:55 - 2013-08-22 07:46 - 00325546 _____ () C:\WINDOWS\setupact.log2015-02-25 15:55 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-25 15:54 - 2013-11-14 00:20 - 00043650 _____ () C:\WINDOWS\PFRO.log2015-02-25 14:26 - 2014-01-29 22:53 - 21639128 _____ () C:\Users\Public\CAFADEBUG.log2015-02-25 13:28 - 2014-06-19 18:20 - 00000000 ___RD () C:\Users\CarrieM\Dropbox2015-02-25 12:40 - 2014-01-29 20:12 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-25 11:36 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-25 11:30 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-25 10:12 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-25 09:53 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media2015-02-23 19:40 - 2014-01-29 20:12 - 00000000 ____D () C:\Program Files (x86)\Google2015-02-23 18:52 - 2014-09-09 19:12 - 00000000 ____D () C:\Users\CarrieM\Desktop\Pix2015-02-23 18:52 - 2014-07-12 18:37 - 00000000 ____D () C:\Users\CarrieM\Desktop\Stuff to Sell2015-02-23 15:15 - 2014-06-19 18:17 - 00000000 ____D () C:\Users\CarrieM\AppData\Roaming\Dropbox2015-02-23 15:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Globalization2015-02-19 11:13 - 2013-12-21 23:38 - 00000000 ____D () C:\ldiag2015-02-19 11:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2015-02-19 10:03 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-02-14 21:49 - 2013-08-22 07:44 - 00362544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-02-14 21:46 - 2014-12-18 20:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser2015-02-14 21:46 - 2014-07-11 18:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-02-14 21:45 - 2014-01-30 07:35 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-02-14 21:38 - 2014-01-30 07:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-02-14 21:26 - 2014-06-19 18:19 - 00000000 ____D () C:\Users\CarrieM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-02-04 12:35 - 2014-01-29 20:12 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-04 12:35 - 2014-01-29 20:12 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-04 12:35 - 2014-01-29 20:12 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-03 12:31 - 2014-09-18 15:20 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 12:31 - 2014-09-18 15:20 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-28 10:50 - 2014-01-29 19:14 - 00000000 ____D () C:\Users\CarrieM\AppData\Local\Packages ==================== Files in the root of some directories ======= 2015-02-17 19:00 - 2015-02-25 13:07 - 0000020 _____ () C:\Users\CarrieM\AppData\Roaming\appdataFr3.bin2014-03-03 12:45 - 2014-03-03 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini2013-06-10 10:56 - 2013-06-10 10:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-24 18:20 ==================== End Of Log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01Ran by CarrieM at 2015-02-25 16:17:48Running from C:\Users\CarrieM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)AIM 7 (HKLM-x32\...\AIM_7) (Version: - )Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Chrome Remote Desktop Host (HKLM-x32\...\{C9F8858E-B6F9-4E56-B155-2A5CE7FC74B9}) (Version: 41.0.2272.41 - Google Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)Dropbox (HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)Dropbox (HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)Energy Management (x32 Version: 8.0.2.4 - Lenovo) HiddenFlacSquisher 1.3.4 (HKLM-x32\...\FlacSquisher) (Version: 1.3.4 - FlacSquisher)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenHP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.301.1 - Vimicro)Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) HiddenLenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) HiddenLenovo Solution Center (HKLM\...\{B8908ABE-8AAE-41FD-A367-391CD492981B}) (Version: 2.0.018.00 - Lenovo Group Limited)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) HiddenLenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5987 - Lenovo)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)SUPERAntiSpyware (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenUserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)UserGuide (x32 Version: 1.0.0.9 - Lenovo) HiddenVC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenWindows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3546573554-2337176860-3782567272-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CarrieM\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 06-02-2015 00:29:30 Windows Update11-02-2015 20:32:37 Windows Update14-02-2015 21:37:03 Windows Update18-02-2015 21:25:46 Configured YouCam24-02-2015 18:12:09 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2EEB4BFC-D525-471D-A8EE-F7D24C89779B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-14] (Microsoft Corporation)Task: {3460F81D-7E71-40B2-8F1C-2B390E354181} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)Task: {3653F97E-3A30-4C34-968E-8A06276C7466} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: {7537564F-ED5C-4FB4-90C9-F0D5B2D70352} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)Task: {BFE6DC6C-D7CA-4C09-B947-4C1962ECBE9C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-02-12] (Lenovo)Task: {CA553065-103E-4984-BB87-09F23B3D13D6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)Task: {CFF8F44B-0D6A-4A4E-B8E7-FE6A882A5A87} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-02-12] ()Task: {F659DC62-9C48-48C9-813E-CF0E745C480C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)Task: {FA45C203-2480-4173-BEC7-419594BB9446} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2013-02-12] ()Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2052ebb2-bebd-46cd-837f-690d94b0b071.job => C:\Program Files (x86)\SUPERAntiSpyware\SASTask.exejC:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeTask: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f3e3b518-8a62-47b1-b888-f4071bf2f5b6.job => C:\Program Files (x86)\SUPERAntiSpyware\SASTask.exejC:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-11-25 10:37 - 2014-11-25 10:37 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-02-19 20:41 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll2015-02-19 20:41 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll2015-02-19 20:41 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll2013-06-10 10:52 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2015-02-19 20:41 - 2015-02-17 15:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\CarrieM\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25409196.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25409196.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CarrieM\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgHKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\CarrieM\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DivXMediaServer"HKLM\...\StartupApproved\Run32: => "DivXUpdate"HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\StartupApproved\StartupFolder: => "Download J Cole - Cole World Sideline Story (2011) [VBR mp3] Torrent - KickassTorrents.lnk"HKU\S-1-5-21-3546573554-2337176860-3782567272-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Download J Cole - Cole World Sideline Story (2011) [VBR mp3] Torrent - KickassTorrents.lnk"HKU\S-1-5-21-3546573554-2337176860-3782567272-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk" ==================== Accounts: ============================= Administrator (S-1-5-21-3546573554-2337176860-3782567272-500 - Administrator - Disabled)CarrieM (S-1-5-21-3546573554-2337176860-3782567272-1001 - Administrator - Enabled) => C:\Users\CarrieMGuest (S-1-5-21-3546573554-2337176860-3782567272-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-3546573554-2337176860-3782567272-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/25/2015 01:44:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARRIE)Description: Activation of app CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a:App.AppX25f5c1pkr4kjfspeqqz59s4c37qvrbkq.wwa failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/25/2015 01:43:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARRIE)Description: Activation of app winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/25/2015 00:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4c8 Start Time: 01d0512ebd21589d Termination Time: 4294967295 Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe Report Id: 09c27b85-bd23-11e4-bea8-208984dc6bcb Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj Faulting package-relative application ID: App Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 63656 Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 63656 Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 62609 Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 62609 Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2015 00:05:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 61547 System errors:=============Error: (02/25/2015 03:54:08 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS Error: (02/25/2015 03:54:08 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS Error: (02/25/2015 03:52:51 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/25/2015 03:52:41 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/25/2015 03:52:29 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/25/2015 03:52:29 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/25/2015 03:52:29 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/25/2015 03:52:28 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (02/25/2015 03:52:28 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (02/25/2015 03:52:22 PM) (Source: DCOM) (EventID: 10005) (User: CARRIE)Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions:=========================Error: (02/25/2015 01:44:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARRIE)Description: CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a:App.AppX25f5c1pkr4kjfspeqqz59s4c37qvrbkq.wwa-2144927149 Error: (02/25/2015 01:43:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARRIE)Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store-2144927149 Error: (02/25/2015 00:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: backgroundTaskHost.exe6.3.9600.163844c801d0512ebd21589d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe09c27b85-bd23-11e4-bea8-208984dc6bcbC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 63656 Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 63656 Error: (02/25/2015 00:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 62609 Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 62609 Error: (02/25/2015 00:05:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2015 00:05:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 61547 CodeIntegrity Errors:=================================== Date: 2015-02-23 16:27:08.506 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-23 16:27:08.233 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:47:10.465 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:47:09.888 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:47:09.347 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:47:08.928 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:46:38.236 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:46:37.687 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:46:36.839 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-19 20:46:36.317 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i5-3230M CPU @ 2.60GHzPercentage of memory in use: 78%Total physical RAM: 3961.77 MBAvailable physical RAM: 846.18 MBTotal Pagefile: 6649.77 MBAvailable Pagefile: 3045.75 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:424.88 GB) (Free:316.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 0DF6F4B3) Partition: GPT Partition Type. ==================== End Of Log ============================
