windows 8.1 running very slow

This is a discussion on windows 8.1 running very slow within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


Old 04-04-2016, 10:44 AM   #1
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



I usually use SuperAntiSpyware and I tried Malwarebytes but to no avail. System still very very slow.

Any help is greatly appreciated. Thanks in advance.

I couldn't run DDS so I used the FRST tool.

Scan below, and the addition is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jeff Fralick (administrator) on JEFFPC (04-04-2016 11:52:02)
Running from C:\Users\Jeff Fralick\Downloads
Loaded Profiles: Jeff Fralick & (Available Profiles: Jeff Fralick)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Pokki) C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Octoshape ApS) C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Application Manager\AvidApplicationManager.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915672 2014-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-10-11] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-10-11] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [84992 2015-11-23] (Avid Technology, Inc.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [123888 2014-05-08] (Lenovo)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-07-21] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [AppManHelper] => C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe [617984 2015-09-22] (Avid Technology, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23260000 2016-02-24] (Google)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [PCShowServer] => C:\Users\Jeff Fralick\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Spotify Web Helper] => C:\Users\Jeff Fralick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Spotify] => C:\Users\Jeff Fralick\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #3] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #2] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23260000 2016-02-24] (Google)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PCShowServer] => C:\Users\Jeff Fralick\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Jeff Fralick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Jeff Fralick\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #3] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #2] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2016-01-25]
ShortcutTarget: Avid Application Manager.lnk -> C:\Windows\Installer\{A59C0B17-6673-46E6-9E00-BB25E755A299}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5ED562D4-F4AD-4490-9494-6F9B8B67CC8B}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{B068B1E2-8C63-4F85-96CE-80C21A69181F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.live.com/1rewlive4startup/home
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4DF147F1-B2EB-4AD9-BCF0-64E858BC8EE1} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4DF147F1-B2EB-4AD9-BCF0-64E858BC8EE1} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-07-21] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-03] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1136221580-1407302259-1838447914-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeff Fralick\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-10-15] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected] [2015-07-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://homepage-web.com/?s=lenovo&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=lenovo&m=start"
CHR Profile: C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-11]
CHR Extension: (Google Sheets) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 AvidAssetCacheService; C:\Program Files\Avid\Cloud Client Services\AssetCacheService.exe [5122824 2015-11-20] (Avid Technology, Inc.)
R2 AvidAssetDeliveryService; C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe [7023880 2015-11-20] (Avid Technology, Inc.)
R2 AvidProjectSyncService; C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe [7020296 2015-11-20] (Avid Technology, Inc.)
R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [6588168 2015-11-20] (Avid Technology, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-10-25] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [84992 2015-11-23] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [190464 2015-11-23] (Avid Technology, Inc.) [File not signed]
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2013-09-17] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [368640 2014-08-13] (Verizon) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-11] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-10-11] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-12-02] (Maxthon)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-10-11] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-10-11] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SessionEnv; C:\windows\SysWOW64\sessenv.dll [296448 2014-10-28] (Microsoft Corporation) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-10-11] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-05-04] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24392 2013-10-16] (ELAN Microelectronic Corp.)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation) [File not signed]
S3 iLokDrvr; C:\Windows\System32\drivers\iLokDrvr.sys [25808 2013-04-11] ()
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-04] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527712 2013-12-30] (Sunplus)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] () [File not signed]
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 11:52 - 2016-04-04 12:04 - 00035745 _____ C:\Users\Jeff Fralick\Downloads\FRST.txt
2016-04-04 11:51 - 2016-04-04 11:52 - 00000000 ____D C:\FRST
2016-04-04 11:49 - 2016-04-04 11:51 - 05658312 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\ComboFix.exe
2016-04-04 11:44 - 2016-04-04 11:49 - 02374144 _____ (Farbar) C:\Users\Jeff Fralick\Downloads\FRST64.exe
2016-04-04 08:18 - 2016-04-04 08:19 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-04 08:18 - 2016-04-04 08:18 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-04 08:18 - 2016-04-04 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-04 08:18 - 2016-04-04 08:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-04 08:18 - 2016-04-04 08:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-04 08:18 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-04 08:18 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-04 08:18 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-04 08:16 - 2016-04-04 08:17 - 22851472 _____ (Malwarebytes ) C:\Users\Jeff Fralick\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-04 08:14 - 2016-04-04 08:14 - 00688992 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\dds (4).scr
2016-04-03 21:56 - 2016-04-03 22:00 - 00688992 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\dds (3).scr
2016-04-03 21:50 - 2016-04-03 21:53 - 00688992 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\dds (2).scr
2016-04-03 14:36 - 2016-04-03 14:36 - 00688992 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\dds (1).scr
2016-04-03 12:23 - 2016-04-03 12:23 - 00342856 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\Unconfirmed 960554.crdownload
2016-04-03 12:21 - 2016-04-03 12:22 - 00688992 _____ (Swearware) C:\Users\Jeff Fralick\Downloads\dds.scr
2016-03-29 15:53 - 2016-03-29 15:53 - 00034017 _____ C:\Users\Jeff Fralick\Downloads\Resume201603290332.pdf
2016-03-29 15:11 - 2016-03-29 15:11 - 00034017 _____ C:\Users\Jeff Fralick\Desktop\Jeff F.pdf
2016-03-29 15:00 - 2016-03-29 15:00 - 00124183 _____ C:\Users\Jeff Fralick\Downloads\CopyofResume.pdf
2016-03-29 14:59 - 2016-03-29 14:59 - 00124183 _____ C:\Users\Jeff Fralick\Downloads\Resume.pdf
2016-03-29 14:58 - 2016-03-29 14:58 - 00124186 _____ C:\Users\Jeff Fralick\Downloads\JeffFralick (1).pdf
2016-03-29 14:57 - 2016-03-29 14:57 - 00124186 _____ C:\Users\Jeff Fralick\Downloads\JeffFralick.pdf
2016-03-29 14:51 - 2016-03-29 14:51 - 00111613 _____ C:\Users\Jeff Fralick\Downloads\JeffResume1.doc (4).pdf
2016-03-29 14:50 - 2016-03-29 14:50 - 00111613 _____ C:\Users\Jeff Fralick\Downloads\JeffResume1.doc (3).pdf
2016-03-29 14:23 - 2016-03-29 14:23 - 00125892 _____ C:\Users\Jeff Fralick\Downloads\ShuttleOptions (1).pdf
2016-03-29 14:14 - 2016-03-29 14:14 - 00125892 _____ C:\Users\Jeff Fralick\Downloads\ShuttleOptions.pdf
2016-03-29 14:12 - 2016-03-29 14:12 - 00126497 _____ C:\Users\Jeff Fralick\Downloads\ShuttleOptionsandPricing (3).pdf
2016-03-28 13:46 - 2016-03-28 13:47 - 00111641 _____ C:\Users\Jeff Fralick\Downloads\JeffResume1.doc (2).pdf
2016-03-28 13:43 - 2016-03-28 13:43 - 00111641 _____ C:\Users\Jeff Fralick\Downloads\JeffResume1.doc (1).pdf
2016-03-28 10:17 - 2016-03-28 10:17 - 00174806 _____ C:\Users\Jeff Fralick\Downloads\VehiclePreventativeMaintenanceProgramProposalforDynaServInc. (1).pdf
2016-03-25 14:13 - 2016-03-25 14:13 - 00173374 _____ C:\Users\Jeff Fralick\Downloads\VehiclePreventativeMaintenanceProgramProposalforDynaServInc..pdf
2016-03-25 11:45 - 2016-03-25 11:45 - 04392894 _____ C:\Users\Jeff Fralick\Downloads\USFLEETPROFILE (3) (1) (1).pdf
2016-03-24 17:10 - 2016-03-24 17:11 - 108892233 _____ C:\Users\Jeff Fralick\Desktop\drum clip.mp4
2016-03-23 14:45 - 2016-03-23 14:45 - 00095915 _____ C:\Users\Jeff Fralick\Downloads\Junior2.pdf
2016-03-23 14:35 - 2016-03-23 14:35 - 00095187 _____ C:\Users\Jeff Fralick\Downloads\Junior.pdf
2016-03-23 14:33 - 2016-03-23 14:33 - 00096818 _____ C:\Users\Jeff Fralick\Downloads\1.pdf
2016-03-22 11:27 - 2016-03-22 11:27 - 00092672 _____ C:\Users\Jeff Fralick\Downloads\current_luxury_limousine_bases (3).xls
2016-03-22 11:26 - 2016-03-22 11:26 - 00092672 _____ C:\Users\Jeff Fralick\Downloads\current_luxury_limousine_bases (2).xls
2016-03-21 18:03 - 2016-03-21 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-21 17:56 - 2016-03-21 17:57 - 172917615 _____ C:\Users\Jeff Fralick\Desktop\My Movie.mp4
2016-03-21 17:45 - 2016-03-21 17:45 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-03-21 17:45 - 2016-03-21 17:45 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-03-21 17:45 - 2016-03-21 17:45 - 00000000 ____D C:\windows\PCHEALTH
2016-03-21 17:45 - 2016-03-21 17:45 - 00000000 ____D C:\windows\en
2016-03-21 17:45 - 2016-03-21 17:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-03-21 17:44 - 2016-03-21 17:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-03-21 17:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2016-03-21 17:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2016-03-21 17:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2016-03-21 17:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2016-03-21 17:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2016-03-21 17:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2016-03-21 17:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2016-03-21 17:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2016-03-21 17:44 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2016-03-21 17:44 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2016-03-21 17:44 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2016-03-21 17:44 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2016-03-21 17:43 - 2016-03-21 17:43 - 01239752 _____ (Microsoft Corporation) C:\Users\Jeff Fralick\Downloads\wlsetup-web (1).exe
2016-03-21 17:42 - 2016-03-24 16:47 - 00000000 ____D C:\Users\Jeff Fralick\AppData\Local\Windows Live
2016-03-21 17:42 - 2016-03-21 17:42 - 01239752 _____ (Microsoft Corporation) C:\Users\Jeff Fralick\Downloads\wlsetup-web.exe
2016-03-16 13:21 - 2016-03-16 13:21 - 00111651 _____ C:\Users\Jeff Fralick\Downloads\JeffResume1.doc.pdf
2016-03-10 17:54 - 2016-03-10 17:54 - 00875285 _____ C:\Users\Jeff Fralick\Downloads\Choose a layout.pdf
2016-03-10 12:25 - 2016-03-10 12:25 - 00080169 _____ C:\Users\Jeff Fralick\Downloads\Empire State 1001393 (1).pdf
2016-03-10 12:23 - 2016-03-10 12:23 - 00080169 _____ C:\Users\Jeff Fralick\Downloads\Empire State 1001393.pdf
2016-03-09 00:39 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-09 00:39 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-09 00:39 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-09 00:39 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-09 00:39 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-09 00:39 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-09 00:39 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-03-09 00:39 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-03-09 00:39 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 00:39 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 00:39 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-09 00:39 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-09 00:39 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-09 00:39 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-03-09 00:39 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-09 00:39 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-09 00:39 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-03-09 00:39 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-09 00:39 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-09 00:39 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-09 00:39 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-09 00:39 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-09 00:39 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-09 00:39 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-09 00:39 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-09 00:39 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-09 00:39 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-09 00:39 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-09 00:39 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-03-09 00:39 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-09 00:39 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-09 00:39 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-03-09 00:39 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-09 00:39 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-09 00:39 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-09 00:39 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-09 00:39 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-09 00:39 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-03-09 00:39 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-09 00:39 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-09 00:39 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-09 00:39 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-03-09 00:39 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 00:39 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-03-09 00:39 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-03-09 00:39 - 2016-01-24 14:19 - 00419160 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-03-09 00:39 - 2016-01-24 14:19 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-03-09 00:39 - 2016-01-24 14:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-03-09 00:39 - 2016-01-24 07:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-03-09 00:39 - 2016-01-24 07:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-03-09 00:39 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-03-09 00:39 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-03-09 00:39 - 2016-01-08 21:38 - 00091992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-03-09 00:39 - 2016-01-06 14:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-03-09 00:39 - 2015-12-30 17:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-09 00:38 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-09 00:38 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-09 00:38 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-03-09 00:38 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-09 00:38 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-09 00:38 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-09 00:38 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-09 00:38 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-09 00:38 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-09 00:38 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-09 00:38 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-09 00:38 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-09 00:38 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-09 00:38 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-09 00:38 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-09 00:38 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-03-09 00:38 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-03-09 00:38 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-09 00:38 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-09 00:38 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-09 00:38 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-09 00:38 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-09 00:38 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-09 00:38 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-09 00:38 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-09 00:38 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-09 00:38 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-09 00:38 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-09 00:38 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-03-09 00:38 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-09 00:38 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-09 00:38 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-09 00:38 - 2016-01-15 12:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-09 00:38 - 2016-01-15 12:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-09 00:38 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-09 00:38 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-09 00:38 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-03-09 00:38 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-03-09 00:38 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-03-09 00:38 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-03-09 00:38 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-09 00:38 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-09 00:38 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-09 00:38 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-09 00:38 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-09 00:38 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 12:02 - 2014-11-03 15:30 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-04 12:01 - 2014-11-03 15:15 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{C3E63F8C-F8A1-4537-B7A8-7BA96B719987}
2016-04-04 12:00 - 2015-08-02 21:54 - 00000934 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-04 11:43 - 2014-11-03 15:16 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1136221580-1407302259-1838447914-1001
2016-04-04 10:26 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-04-03 22:08 - 2014-11-03 15:30 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-03 22:07 - 2015-08-02 21:54 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-03 22:07 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-03 22:06 - 2014-11-03 15:09 - 00000000 ____D C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform
2016-04-01 09:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2016-04-01 01:08 - 2014-10-11 02:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-03-30 23:33 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-03-30 20:05 - 2014-11-03 15:36 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-29 15:10 - 2014-11-03 15:10 - 00000000 ____D C:\Users\Jeff Fralick\AppData\Local\Packages
2016-03-24 16:19 - 2014-03-18 05:53 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-24 00:48 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-03-24 00:41 - 2015-04-20 16:05 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-24 00:41 - 2015-04-20 16:05 - 00000000 ___SD C:\windows\system32\GWX
2016-03-22 11:09 - 2015-08-02 22:09 - 00000000 ___RD C:\Users\Jeff Fralick\Dropbox
2016-03-22 11:09 - 2015-08-02 21:54 - 00000000 ____D C:\Users\Jeff Fralick\AppData\Local\Dropbox
2016-03-21 18:34 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-21 18:03 - 2015-08-02 21:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-16 10:06 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 10:05 - 2015-05-29 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-11 16:03 - 2014-11-03 15:31 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-03-11 16:03 - 2014-11-03 15:31 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-03-11 16:03 - 2014-11-03 15:31 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-03-11 16:03 - 2014-11-03 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-11 12:01 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2016-03-11 10:52 - 2013-08-22 10:44 - 00526032 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-11 10:42 - 2014-12-20 17:23 - 00000000 ____D C:\windows\system32\appraiser
2016-03-09 23:21 - 2015-04-30 22:55 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-09 02:12 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 02:11 - 2014-11-08 16:38 - 00000000 ____D C:\windows\system32\MRT
2016-03-09 02:01 - 2014-11-08 16:38 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-09 00:35 - 2016-01-04 13:35 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-03-09 00:35 - 2016-01-04 13:34 - 00372224 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-03-09 00:35 - 2016-01-04 13:34 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-03-08 12:30 - 2016-01-21 13:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-08 03:00 - 2015-06-13 22:17 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2015-06-13 22:17 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-07-21 21:25 - 2015-07-21 21:25 - 0000002 _____ () C:\Users\Jeff Fralick\AppData\Local\TempDefVehDesc.txt
2014-11-25 14:00 - 2014-11-25 14:00 - 0103749 _____ () C:\Users\Jeff Fralick\AppData\Local\VZWifiIcon.ico
2014-10-11 01:25 - 2014-10-11 01:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-11 08:46 - 2015-06-11 08:47 - 0000389 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Jeff Fralick\MetricCollection.dll


Some files in TEMP:
====================
C:\Users\Jeff Fralick\AppData\Local\Temp\ext3766115505853130649.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 05:40

==================== End of FRST.txt ============================
Attached Files: Addition.txt (39.0 KB)
Posted by: usfleetserv
Old 04-05-2016, 06:49 AM   #2
tekir06
Security Team
Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello usfleetserv,

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we?

=========================================================

From FRST.txt:
Quote:
Running from C:\Users\Jeff Fralick\Downloads
The FRST tool should be run from the desktop unless the situation is different.
=========================================================

Please do the steps below.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Popcorn Time >>>>> Please Read

STEP 2

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #3] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #2] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL = 
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR HomePage: Default -> hxxp://homepage-web.com/?s=lenovo&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=lenovo&m=start"
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
2014-10-11 01:25 - 2014-10-11 01:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
FirewallRules: [{8D910A0C-8D91-4E8D-8D69-C1A591B3974F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FFC4869E-8DD3-4730-96C7-65D327D6E0D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4A5D90C3-44C6-47EB-8163-93ACB94018C2}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B2F7CEFD-E769-499F-9591-95B93FC30F0E}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{8479E432-DE46-49A2-BCDB-F3A4D9A8300D}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A0AA2C91-0939-4BF0-AF19-1C8860C06A20}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
Old 04-05-2016, 09:49 AM   #3
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



Hi, thanks again for your help. It seems I am unable to uninstall Popcorn Time. I keep getting an error that says:

the request could not be performed because of an I/O error.

I have no hardware connected to laptop.

I did not proceed any further.

Jeff
usfleetserv is offline  
Old 04-06-2016, 01:09 AM   #4
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

You're welcome! Thanks for the info. We will try Revo Uninstaller for "Popcorn Time". Please do the following. Let me know the result.

Please download and install Revo Uninstaller Free

Double click Revo Uninstaller to run it.
From the list of programs double click on Popcorn Time.
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run. If prompted again click Yes.
Be sure the Moderate option is selected then click Next.
When the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete.
When prompted click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted select Yes and then Next.
Once done click Finish.
__________________
tekir06 is offline  
Old 04-06-2016, 02:47 PM   #5
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1


I'm so sorry but now my computer has slowed almost completely. It seems trying to uninstall Popcorn Time has caused the issue to get worse.
I'm not sure what to do, my computer boots, but then just starts running very slow and I can't even get my emails to open. Right now I'm responding on my phone.
Is there anything I can do?
usfleetserv is offline  
Old 04-07-2016, 12:25 AM   #6
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

OK. Thanks for the info. Please try to do Step 2.
__________________
tekir06 is offline  
Old 04-07-2016, 01:22 PM   #7
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1


I tried to continue to step 2, but now my computer slows down completely and I can't open a browser. I was able to boot in safe mode, but I still wasn't able to open a browser without it freezing up.
I'm so sorry, it seems to have started when I tried to uninstall "Popcorn Time".
Is there anything else I can do?
usfleetserv is offline  
Old 04-08-2016, 01:42 AM   #8
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

I understand. Thanks for the info. Let's try to run Malwarebytes. Please try it in normal mode. If not, try in safe mode. Let me know the result.

Would you try step 2 in safe mode?

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click OK.
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 04-08-2016, 07:31 PM   #9
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



Hello again,

I was able to run the Farbar fix tool in safe mode; here is the info. I also ran a Malwarebytes scan and I attached that as well.

I am not able to run anything in normal mode, even after running Malwarebytes.

Thanks
Jeff

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jeff Fralick (2016-04-08 14:00:30) Run:1
Running from C:\Users\Jeff Fralick\Desktop
Loaded Profiles: Jeff Fralick (Available Profiles: Jeff Fralick)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jeff Fralick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #3] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\...\RunOnce: [Application Restart #2] => C:\Users\Jeff Fralick\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874536 2016-02-14] (Pokki)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {200C8852-7243-41B2-9D23-6D9875F2821F} URL =
SearchScopes: HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
CHR HomePage: Default -> hxxp://homepage-web.com/?s=lenovo&m=home
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=lenovo&m=start"
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
2014-10-11 01:25 - 2014-10-11 01:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
FirewallRules: [{8D910A0C-8D91-4E8D-8D69-C1A591B3974F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FFC4869E-8DD3-4730-96C7-65D327D6E0D0}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4A5D90C3-44C6-47EB-8163-93ACB94018C2}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B2F7CEFD-E769-499F-9591-95B93FC30F0E}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{8479E432-DE46-49A2-BCDB-F3A4D9A8300D}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A0AA2C91-0939-4BF0-AF19-1C8860C06A20}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Octoshape Streaming Services => value removed successfully
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value removed successfully
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5}" => key removed successfully
HKCR\CLSID\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} => key not found.
DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms} => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{200C8852-7243-41B2-9D23-6D9875F2821F} => key not found.
HKCR\CLSID\{200C8852-7243-41B2-9D23-6D9875F2821F} => key not found.
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} => key not found.
HKCR\CLSID\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} => key not found.
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{200C8852-7243-41B2-9D23-6D9875F2821F} => key not found.
HKCR\CLSID\{200C8852-7243-41B2-9D23-6D9875F2821F} => key not found.
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} => key not found.
HKCR\CLSID\{4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"HKU\S-1-5-21-1136221580-1407302259-1838447914-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
HKU\S-1-5-21-1136221580-1407302259-1838447914-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => key removed successfully
Update service => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D910A0C-8D91-4E8D-8D69-C1A591B3974F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFC4869E-8DD3-4730-96C7-65D327D6E0D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A5D90C3-44C6-47EB-8163-93ACB94018C2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2F7CEFD-E769-499F-9591-95B93FC30F0E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8479E432-DE46-49A2-BCDB-F3A4D9A8300D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0AA2C91-0939-4BF0-AF19-1C8860C06A20} => value removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.

========= End of CMD: =========

EmptyTemp: => 10.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:07:46 ====
usfleetserv is offline  
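Reading a Fixlog like the one above by eye is error-prone, so here is an added Python triage script (not part of the thread and not the Farbar tool's own code) that classifies each result line, skips the echoed fixlist, and lists what still needs a human decision: the DefaultScope entry FRST had no automatic fix for, the BITS failure under the CMD: block, and the restore point refused in Safe Mode. The sample log inside it is a constructed, abridged excerpt in the posted format.

```python
"""Triage an FRST Fixlog.txt: classify each action result and list what still
needs attention.  Added example, not part of the thread or of the Farbar tool."""
import re
from collections import Counter

# Constructed sample, abridged from the Fixlog format posted in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Boot Mode: Safe Mode (with Networking)
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
end
*****************
Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
DefaultScope {4B2B08C8-FB03-11E4-8284-C1B75D3A17D5} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms} => Error: No automatic fix found for this entry.
Update service => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
========= End of CMD: =========
EmptyTemp: => 10.4 GB temporary data Removed.
==== End of Fixlog 14:07:46 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
CMD_START_RE = re.compile(r"^========= (?P<cmd>.+?) =========$")
CMD_END = "========= End of CMD: ========="
CMD_FAILURE_RE = re.compile(r"unable|fail|error|0x8", re.IGNORECASE)

def classify(outcome):
    """Map one FRST outcome string to a coarse category."""
    if outcome.startswith("Error:"):
        return "error"
    if "not found" in outcome:
        return "not_found"
    if "successfully" in outcome or "Removed" in outcome:
        return "success"
    return "other"

def triage_fixlog(text):
    """Return boot mode, per-category counts and the entries a human must revisit."""
    boot_mode, counts, follow_up = None, Counter(), []
    in_fixlist, current_cmd = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Boot Mode:"):
            boot_mode = line.split(":", 1)[1].strip()
            continue
        if line.startswith("*****"):        # the echoed fixlist is bracketed by these
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        if line == CMD_END:
            current_cmd = None
            continue
        m = CMD_START_RE.match(line)
        if m:
            current_cmd = m.group("cmd")
            continue
        if current_cmd is not None:         # raw output of a CMD: directive
            if CMD_FAILURE_RE.search(line):
                counts["cmd_failure"] += 1
                follow_up.append((current_cmd, line))
            continue
        if line.startswith("Error:"):       # directive-level error without a target
            counts["error"] += 1
            follow_up.append(("fix", line))
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        category = classify(m.group("outcome"))
        counts[category] += 1
        if category == "error":
            follow_up.append((m.group("target"), m.group("outcome")))
    return {"boot_mode": boot_mode, "counts": dict(counts), "follow_up": follow_up}

def safe_mode_rerun_needed(result):
    """True when the fix ran in Safe Mode and an action was refused for that reason."""
    in_safe_mode = (result["boot_mode"] or "").startswith("Safe Mode")
    return in_safe_mode and any("normal mode" in msg for _, msg in result["follow_up"])

if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE_FIXLOG)
    print(summary["boot_mode"], summary["counts"])
    for what, msg in summary["follow_up"]:
        print("follow up:", what, "->", msg)
```

Pass the contents of a real Fixlog.txt to triage_fixlog() to get the same summary for it.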
Old 04-08-2016, 07:34 PM   #10
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



Sorry, attached is the Malwarebytes log.
Attached Files
File Type: txt mawarebytesscan1.txt (16.9 KB, 32 views)
usfleetserv is offline  
Old 04-09-2016, 04:05 PM   #11
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

How is the machine behaving now? What problems do you still have?
__________________
tekir06 is offline  
Old 04-09-2016, 04:51 PM   #12
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



No change, still unable to run in normal mode. When I try to run in normal mode it is still very slow and eventually freezes up.

I can only run in safe mode still.
usfleetserv is offline  
Old 04-10-2016, 03:57 PM   #13
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan.
Once the Scan is done, select Cleaning.
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
__________________
tekir06 is offline  
Old 04-13-2016, 06:49 AM   #14
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



Hello,

Here is the log for JRT. I couldn't find the log for AdwCleaner; once my computer rebooted it was only available in normal mode and I can't see it.

No change so far; my computer only runs in safe mode.

Thanks again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Jeff Fralick (Limited) on Wed 04/13/2016 at 8:43:35.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{200C8852-7243-41B2-9D23-6D9875F2821F} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/13/2016 at 8:46:31.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
usfleetserv is offline  
Old 04-14-2016, 10:13 AM   #15
Registered Member
 
Join Date: Apr 2016
Posts: 9
OS: windows 8.1



I was finally able to run in normal mode, but my computer still has a long delay between clicks.

Attached are the 2 scans you requested.

Thanks, sorry for such a hassle.

# AdwCleaner v5.110 - Logfile created 14/04/2016 at 09:48:05
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Jeff Fralick - JEFFPC
# Running from : C:\Users\Jeff Fralick\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage
[-] File Deleted : C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : homepage-web.com
[-] [C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://homepage-web.com/?s=lenovo&m=start
[-] [C:\Users\Jeff Fralick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://homepage-web.com/?s=lenovo&m=home

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5459 bytes] - [12/04/2016 10:56:13]
C:\AdwCleaner\AdwCleaner[C2].txt - [2344 bytes] - [14/04/2016 09:48:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [5560 bytes] - [12/04/2016 10:50:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [2414 bytes] - [14/04/2016 09:25:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2563 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Jeff Fralick (Administrator) on Thu 04/14/2016 at 9:57:57.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/14/2016 at 10:03:27.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
usfleetserv is offline  
Old 04-14-2016, 05:10 PM   #16
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

Thanks for the logs. Please try to scan the file below on VirusTotal from Safe Mode with Networking.

Please go to: VirusTotal

Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

C:\Users\Jeff Fralick\AppData\Loca\Temp\ext3766115505853130649.dll

Click Open then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.

=========================================================


Do you have information about the following user accounts?
Quote:
632D65B38A6243AF9C7E (S-1-5-21-1136221580-1407302259-1838447914-1005 - Limited - Enabled)
953D77AE8FC34696BDF2 (S-1-5-21-1136221580-1407302259-1838447914-1006 - Limited - Enabled)
=========================================================

Did you try to upgrade to Windows 10?
__________________
tekir06 is offline  
Old 04-17-2016, 11:43 PM   #17
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Jeff,

Still with us? If you don't reply within 24 hours, this thread shall be closed.
__________________
tekir06 is offline  
Old 04-19-2016, 07:32 AM   #18
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  