Malware/Adware Browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by javcal » April 5th, 2015, 4:50 am

Hi there,

My browser has become unusable by all sorts of popups. My start page was changed by "searchult" and a lot of unwanted programs were installed and I can't remove them. I tried Malwarebytes but it gets "closed" when trying to finish removing the detected threats, even in "safe mode".

Please help, here's the DDS.txt and Attach, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689
Run by Jorge at 1:03:19 on 2015-04-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3792.840 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Users\Jorge\AppData\Roaming\ntsvc\ntsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\XTab\ProtectService.exe
C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\System32\rundll32.exe
C:\Users\Jorge\AppData\Local\gmsd_mx_221\upgmsd_mx_221.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\RtsCM64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Jorge\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
uDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp ... 0861401507
uDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
mStart Page = about:blank
mSearch Page = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp ... 0861401507
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
uRun: [OneDrive] "C:\Users\Jorge\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [GoogleChromeAutoLaunch_78C0B73CB08C3E9D0F2E8E5DB8D5F6A8] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRun: [gmsd_mx_221] "C:\Program Files (x86)\gmsd_mx_221\gmsd_mx_221.exe"
mRunOnce: [upgmsd_mx_221.exe] C:\Users\Jorge\AppData\Local\gmsd_mx_221\upgmsd_mx_221.exe -runonce
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Jorge\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CROSSB~1.LNK - C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
StartupFolder: C:\Users\Jorge\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HQGHUM~1.LNK - C:\ProgramData\{f60ca7ba-9a9c-7c5d-f60c-ca7ba9a99eea}\hqghumeaylnlf.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254 0.0.0.0
TCP: Interfaces\{CD78D382-E278-49F4-B0BC-2459FF4D72BC} : DHCPNameServer = 192.168.1.254 0.0.0.0
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp ... 0861401507
x64-mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type= ... 1401507&q={searchTerms}
x64-Run: [RtsCM] RTSCM64.EXE
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2015-3-19 29512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-3-19 1399536]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-3-19 30960]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2015-3-19 22800]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-7-18 786304]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-7-18 348560]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-9-18 29392]
R1 ndisrd;Intel(R) Technology Access Filter Driver;C:\Windows\System32\drivers\ndisrfl.sys [2014-10-30 41176]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-10-28 1206648]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2014-10-28 1710456]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-10-28 1165688]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-3-31 9954096]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2015-3-19 328296]
R2 IHProtect Service;IHProtect Service;C:\Program Files (x86)\XTab\ProtectService.exe [2015-3-16 158816]
R2 Intel(R) TechnologyAccessService;Intel(R) Technology Access Service;C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [2015-1-23 95624]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-10-10 158496]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2015-3-19 59120]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-3-19 111048]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2015-3-19 72944]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2015-3-19 197360]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2015-3-19 115184]
R2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [2015-3-19 21552]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-4-5 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-4-5 1080120]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2014-9-4 562200]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [2015-1-22 422632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2015-3-19 1050952]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe [2015-3-19 221832]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2015-3-19 189920]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 124560]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [2014-5-15 230920]
R2 NitroUpdateService;NitroUpdateService;C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-5-15 417800]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-5-15 69640]
R2 Sed;Net Service Event Handler;C:\Users\Jorge\AppData\Roaming\ntsvc\ntsvc.exe [2015-4-5 672824]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2015-3-19 124400]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2015-3-19 126512]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-12-4 3820960]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2014-10-28 141624]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2014-11-24 1447736]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-7-18 72136]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2015-3-19 489752]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\Windows\System32\drivers\ibtusb.sys [2014-10-28 231152]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2015-3-19 388880]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2015-3-19 799504]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2014-12-4 27000]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-4-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-4-5 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-4-5 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-7-18 313680]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-7-18 526360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-9-19 447440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2015-3-19 1668848]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2014-12-5 317224]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2015-3-19 466136]
R3 rtsuvc;Integrated Camera;C:\Windows\System32\drivers\rtsuvc.sys [2015-3-19 2599128]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2015-3-19 32936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S2 iBtSiva;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [2014-10-28 124520]
S2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2014-12-5 61232]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2015-3-19 319536]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2015-3-29 1471352]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-3-29 197704]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-3-19 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-29 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2014-12-4 38264]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-3-19 455440]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-5-13 887256]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-7-10 174368]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [2015-3-19 619776]
S3 LenovoProdRegManager;PowerENGAGE Maintenance Service;C:\Program Files (x86)\Lenovo Registration\EngageService.exe [2015-1-9 293416]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-12-1 272776]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2015-3-19 332528]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-9-19 96600]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-12-4 268192]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2015-3-19 1664752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-30 1255736]
S4 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [2015-3-19 335064]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2015-04-06 07:56:13 -------- d--h--w- C:\OneDriveTemp
2015-04-06 06:52:02 -------- d-----w- C:\FRST
2015-04-06 06:40:26 -------- d-----w- C:\ProgramData\49c83f3d000026ce
2015-04-06 05:54:25 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-06 05:52:21 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-06 05:52:21 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-06 05:52:21 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-06 05:52:20 -------- d-----w- C:\ProgramData\Malwarebytes
2015-04-06 05:52:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-06 05:47:40 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3168F318-6181-443D-AEFB-BC813F3CCF3C}\mpengine.dll
2015-04-06 05:46:45 12002392 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-05 15:46:41 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22550098-5006-4483-846B-85D9BAB62742}\gapaengine.dll
2015-04-05 15:43:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2015-04-05 15:43:27 -------- d-----w- C:\Program Files\Microsoft Security Client
2015-04-05 15:42:50 -------- d-----w- C:\Users\Jorge\AppData\Local\Crossbrowse
2015-04-05 15:26:04 -------- d-----w- C:\Windows\SysWow64\Flash
2015-04-05 15:25:42 -------- d-sh--w- C:\Users\Jorge\AppData\Roaming\AnyProtectEx
2015-04-05 15:25:32 -------- d-----w- C:\ProgramData\IHProtectUpDate
2015-04-05 15:25:02 -------- d-----w- C:\Users\Jorge\AppData\Roaming\mystartsearch
2015-04-05 15:23:15 -------- d-----w- C:\Program Files (x86)\version92BlockAndSurf
2015-04-05 15:22:49 -------- d-----w- C:\Users\Jorge\AppData\Roaming\ntsvc
2015-04-05 15:22:49 -------- d-----w- C:\Users\Jorge\AppData\Roaming\Macwebtoise
2015-04-05 15:22:48 -------- d-----w- C:\Users\Jorge\AppData\Roaming\searchult
2015-04-05 15:22:43 -------- d-----w- C:\Program Files (x86)\Crossbrowse
2015-04-05 15:22:42 1921536 ----a-w- C:\Users\Jorge\AppData\Roaming\ILMHVSL.exe
2015-04-05 15:22:37 -------- d-----w- C:\Program Files (x86)\CinemaPlus-3.2cV04.04
2015-04-05 15:21:31 -------- d-----w- C:\Users\Jorge\AppData\Local\gmsd_mx_221
2015-04-05 15:21:31 -------- d-----w- C:\Program Files (x86)\gmsd_mx_221
2015-04-05 15:18:25 -------- d-----w- C:\Program Files (x86)\XTab
2015-04-05 15:18:17 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2015-04-05 15:17:59 -------- d-----w- C:\Users\Jorge\AppData\Roaming\C16A5A01-1428247078-11CB-9F47-F9EE8E68016C
2015-04-05 15:17:52 -------- d-----w- C:\Users\Jorge\AppData\Roaming\luckysearches
2015-04-05 15:17:43 -------- d-----w- C:\Users\Jorge\AppData\Roaming\Opera Software
2015-04-05 15:17:43 -------- d-----w- C:\Users\Jorge\AppData\Local\Opera Software
2015-04-05 15:16:42 -------- d-----w- C:\Users\Jorge\AppData\Local\Programs
2015-04-05 15:16:41 -------- d-----w- C:\ProgramData\{f60ca7ba-9a9c-7c5d-f60c-ca7ba9a99eea}
2015-04-05 15:16:02 -------- d-----w- C:\Program Files (x86)\SavePass 1.1
2015-04-05 15:15:38 -------- d-----w- C:\Program Files (x86)\version86CheckMeUp
2015-04-05 15:15:19 1779200 ----a-w- C:\Users\Jorge\AppData\Roaming\AQCDRC.exe
2015-04-05 15:15:19 -------- d-----w- C:\Users\Jorge\AppData\Local\globalUpdate
2015-04-05 15:15:19 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-04-05 07:05:16 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-04-05 07:05:16 -------- d-s---w- C:\Windows\System32\GWX
2015-04-03 06:29:55 -------- d-----w- C:\Users\Jorge\AppData\Local\Adobe
2015-04-01 14:33:15 -------- d-----w- C:\Users\Jorge\AppData\Roaming\DropboxOEM
2015-04-01 06:08:53 -------- d-----w- C:\Program Files\Software Republic
2015-04-01 06:06:23 118 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-04-01 02:28:20 -------- d-----w- C:\ProgramData\FARO
2015-04-01 02:20:09 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2015-03-31 17:36:29 -------- d-----w- C:\Users\Jorge\AppData\Roaming\Nitro
2015-03-31 15:40:47 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2015-03-31 01:57:14 -------- d-----w- C:\Windows\SysWow64\Wat
2015-03-31 01:57:14 -------- d-----w- C:\Windows\System32\Wat
2015-03-29 21:38:11 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-03-29 21:38:11 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-03-29 21:38:11 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-03-29 21:38:11 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-03-29 21:38:11 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-03-29 21:38:11 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-03-29 21:38:08 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-03-29 21:38:08 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-03-29 21:33:05 -------- d-----w- C:\Windows\System32\LSC
2015-03-29 21:31:21 -------- d-----w- C:\Windows\System32\appmgmt
2015-03-29 21:29:17 774144 ----a-w- C:\Windows\System32\sqlite3odbc.dll
2015-03-29 20:42:59 -------- d-----w- C:\Users\Jorge\AppData\Local\cache
2015-03-29 17:46:26 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2015-03-29 17:44:44 -------- d-----w- C:\Users\Jorge\AppData\Local\Autodesk
2015-03-29 17:44:44 -------- d-----w- C:\Program Files\Autodesk
2015-03-29 17:43:36 -------- d-----w- C:\Program Files (x86)\Autodesk
2015-03-29 17:43:20 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2015-03-29 17:43:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2015-03-29 17:43:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2015-03-29 17:43:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2015-03-29 17:43:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2015-03-29 17:39:50 -------- d-----w- C:\Users\Jorge\AppData\Roaming\Autodesk
2015-03-29 16:30:25 -------- d-----w- C:\Users\Jorge\AppData\Local\ElevatedDiagnostics
2015-03-29 15:20:14 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2015-03-29 15:13:59 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2015-03-29 15:12:01 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-03-29 15:12:01 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-03-29 15:12:01 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-03-29 15:12:00 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-03-29 15:10:58 1118720 ----a-w- C:\Windows\System32\mstsc.exe
2015-03-29 15:10:57 455168 ----a-w- C:\Windows\System32\winlogon.exe
2015-03-29 15:10:57 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2015-03-29 15:10:57 235520 ----a-w- C:\Windows\System32\winsta.dll
2015-03-29 15:10:57 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2015-03-29 15:10:57 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2015-03-29 15:10:57 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2015-03-29 15:10:57 1051136 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-03-29 15:10:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-29 15:10:43 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-03-29 15:10:43 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-03-29 15:08:09 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-29 15:08:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-29 14:59:36 -------- d-----r- C:\Users\Jorge\OneDrive
2015-03-29 14:58:38 -------- d-----w- C:\swshare
2015-03-29 06:15:28 -------- d-----w- C:\Users\Jorge\AppData\Roaming\PwrMgr
2015-03-29 06:13:40 -------- d-----w- C:\Users\Jorge\AppData\Roaming\LSC
2015-03-29 06:12:02 -------- d-----w- C:\Users\Jorge\REACHit
2015-03-29 06:11:34 -------- d-----w- C:\Users\Jorge\AppData\Local\Downloaded Installations
2015-03-29 06:10:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2015-03-29 06:10:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2015-03-29 06:10:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2015-03-29 06:10:03 -------- d-----w- C:\Users\Jorge\AppData\Local\Aviata
2015-03-29 06:09:59 -------- d-----w- C:\Users\Jorge\AppData\Local\DropboxOEM
2015-03-29 06:04:30 -------- d-sh--w- C:\Users\Jorge\AppData\Local\EmieUserList
2015-03-29 06:04:30 -------- d-sh--w- C:\Users\Jorge\AppData\Local\EmieSiteList
2015-03-29 06:04:30 -------- d-sh--w- C:\Users\Jorge\AppData\Local\EmieBrowserModeList
2015-03-19 21:38:59 -------- d-----w- C:\Windows\util
2015-03-19 21:36:58 -------- d-----w- C:\Windows\SysWow64\sda
2015-03-19 21:36:57 9889352 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2015-03-19 21:36:57 466136 ----a-w- C:\Windows\System32\drivers\RtsPer.sys
2015-03-19 21:36:48 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2015-03-19 21:36:08 -------- d-----w- C:\Program Files\Intel Corporation
2015-03-19 21:35:13 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2015-03-19 21:35:03 142229504 ----a-w- C:\ProgramData\Microsoft\OEMOffice15\OOBE\x86\oemoobe.msi
2015-03-19 21:34:33 -------- d-----w- C:\Program Files (x86)\Common Files\LENOVO
2015-03-19 21:33:31 189920 ----a-w- C:\Windows\System32\mfevtps.exe
2015-03-19 21:33:25 -------- d-----w- C:\Program Files (x86)\mcafee.com
2015-03-19 21:33:24 -------- d-----w- C:\Program Files\mcafee.com
2015-03-19 21:33:24 -------- d-----w- C:\Program Files\mcafee
2015-03-19 21:33:24 -------- d-----w- C:\Program Files\Common Files\McAfee
2015-03-19 21:33:24 -------- d-----w- C:\Program Files (x86)\McAfee
2015-03-19 21:33:24 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2015-03-19 21:33:11 -------- d-----w- C:\ProgramData\Aviata
2015-03-19 21:33:11 -------- d-----w- C:\Program Files (x86)\Lenovo Registration
2015-03-19 21:32:58 6081224 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44a0d4571d0628c01\onedrivesetup.exe
2015-03-19 21:32:58 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-03-19 21:32:58 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2015-03-19 21:32:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2015-03-19 21:32:51 29704 ----a-w- C:\Windows\System32\nitrolocalmon9.dll
2015-03-19 21:32:51 17928 ----a-w- C:\Windows\System32\nitrolocalui9.dll
2015-03-19 21:32:43 -------- d-----w- C:\ProgramData\Nitro
2015-03-19 21:32:43 -------- d-----w- C:\Program Files\Nitro
2015-03-19 21:32:43 -------- d-----w- C:\Program Files\Common Files\Nitro
2015-03-19 21:32:43 -------- d-----w- C:\Program Files (x86)\Nitro
2015-03-19 21:32:08 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-03-19 21:31:24 -------- d-----w- C:\Program Files\Lenovo
2015-03-19 21:31:21 -------- d-----w- C:\Windows\Downloaded Installations
2015-03-19 21:30:59 2692848 ------w- C:\Windows\PWMBTHLV.EXE
2015-03-19 21:30:58 29512 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS
2015-03-19 21:30:58 2861296 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2015-03-19 21:30:58 20736 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2015-03-19 21:30:58 -------- d-----w- C:\Program Files (x86)\ThinkPad
2015-03-19 21:30:57 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2015-03-19 21:30:57 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2015-03-19 21:30:57 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2015-03-19 21:30:57 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2015-03-19 21:30:57 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2015-03-19 21:30:53 -------- d-----w- C:\Program Files\ThinkPad
2015-03-19 21:28:49 -------- d-----w- C:\ProgramData\Roaming
2015-03-19 21:28:39 -------- d-----w- C:\Program Files\Common Files\Intel
2015-03-19 21:28:39 -------- d-----w- C:\Program Files (x86)\Cisco
2015-03-19 21:28:38 -------- d-----w- C:\ProgramData\Intel.sav
2015-03-19 21:24:24 -------- d-----w- C:\Program Files\Lenovo USB Graphics
2015-03-19 21:22:59 82432 ----a-w- C:\Windows\System32\OpenCL.DLL
2015-03-19 21:21:26 -------- d-----w- C:\Program Files (x86)\Common Files\PostureAgent
2015-03-19 21:21:13 -------- d-----w- C:\Program Files (x86)\Lenovo
2015-03-19 21:21:11 -------- d-----w- C:\ProgramData\Package Cache
2015-03-19 21:16:37 163840 ----a-w- C:\Windows\System32\umpo.dll
2015-03-19 21:16:16 76288 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2015-03-19 21:16:09 122368 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2015-03-19 21:16:02 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2015-03-19 21:16:02 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2015-03-19 21:15:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2015-03-19 21:15:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2015-03-19 21:15:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2015-03-19 21:15:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2015-03-19 21:15:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2015-03-19 21:15:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2015-03-19 21:15:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2015-03-19 21:15:46 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2015-03-19 21:14:39 77824 ----a-w- C:\Windows\System32\packager.dll
2015-03-19 21:14:39 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2015-03-19 21:14:32 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-03-19 21:14:32 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-03-19 21:13:53 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-03-19 21:13:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-03-19 21:13:14 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-03-19 21:13:14 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-03-19 21:13:14 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-03-19 21:12:43 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2015-03-19 21:12:43 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2015-03-19 21:12:36 424448 ----a-w- C:\Windows\System32\rastls.dll
2015-03-19 21:12:36 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2015-03-19 21:12:01 533200 ----a-w- C:\Windows\System32\winresume.exe
2015-03-19 21:12:01 457400 ----a-w- C:\Windows\System32\ci.dll
2015-03-19 21:10:41 85808 ----a-w- C:\Windows\System32\NicInstD.dll
2015-03-19 21:10:40 73512 ----a-w- C:\Windows\System32\e1dmsg.dll
2015-03-19 21:10:40 489752 ----a-w- C:\Windows\System32\drivers\e1d62x64.sys
2015-03-19 21:10:40 125728 ----a-w- C:\Windows\System32\NicCo4.dll
2015-03-19 21:10:36 84208 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2015-03-19 21:10:36 60112 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2015-03-19 21:10:36 40176 ----a-w- C:\Windows\System32\tpinspm.dll
2015-03-19 21:10:35 72432 ----a-w- C:\Windows\System32\ibmpmctl.exe
2015-03-19 21:10:29 30960 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2015-03-19 21:10:29 1399536 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2015-03-19 21:10:17 1271 ----a-w- C:\Windows\MFGCLEAN.CMD
2015-03-19 21:05:47 -------- d-----w- C:\mfg
2015-03-19 20:59:33 -------- d-----w- C:\ProgramData\Lenovo
.
==================== Find3M ====================
.
2015-03-06 05:38:53 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:38:53 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:33:03 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:33:02 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:33:01 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:33:01 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:32:59 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:32:59 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:32:56 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:32:55 315904 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:32:52 729600 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:32:52 1464832 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:32:47 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:32:46 463872 ----a-w- C:\Windows\System32\certcli.dll
2015-03-06 05:32:14 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:32:00 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:29:59 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:29:44 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:27:29 690688 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:12:05 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:12:02 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:11:59 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:11:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:11:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:11:54 260096 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:11:49 551424 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:11:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:11:42 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-03-06 05:11:02 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:10:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:09:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:08:54 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:07:26 690688 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-03 03:55:40 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:55:40 5553600 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:53:17 617376 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:51:10 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-03 03:51:10 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-03 03:51:09 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-02-03 03:50:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-02-03 03:50:55 58880 ----a-w- C:\Windows\System32\appidapi.dll
2015-02-03 03:50:55 34304 ----a-w- C:\Windows\System32\appidsvc.dll
2015-02-03 03:50:41 112640 ----a-w- C:\Windows\System32\smss.exe
2015-02-03 03:50:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-03 03:50:09 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-02-03 03:50:09 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-02-03 03:44:29 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:38:17 3977664 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:38:17 3921848 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:32:06 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:25:18 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 02:35:36 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:58:32 459344 ----a-w- C:\Windows\System32\drivers\cng.sys
.
============= FINISH: 1:03:54.13 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2015 11:03:24 PM
System Uptime: 4/6/2015 12:55:31 AM (1 hours ago)
.
Motherboard: LENOVO | | 20BXCTO1WW
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz | U3E1 | 2178/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 159.133 GiB free.
Q: is FIXED (NTFS) - 15 GiB total, 4.812 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Lenovo Connect Device 1.0
Device ID: UUID:5D2C2460-0C34-4540-B78B-A7D6173DB435\UMB\3&4C0D123&0&UUID:5D2C2460-0C34-4540-B78B-A7D6173DB435
Manufacturer:
Name: Lenovo Connect Device 1.0
PNP Device ID: UUID:5D2C2460-0C34-4540-B78B-A7D6173DB435\UMB\3&4C0D123&0&UUID:5D2C2460-0C34-4540-B78B-A7D6173DB435
Service:
.
==== System Restore Points ===================
.
RP5: 3/29/2015 10:42:24 AM - Installed DirectX
RP6: 3/29/2015 2:28:58 PM - Installed RainCAD 2014 AutoCAD Edition
RP7: 3/29/2015 2:30:54 PM - Removed RainCAD 2014 AutoCAD Edition
RP8: 3/29/2015 2:36:00 PM - Installed RainCAD 2014 AutoCAD Edition
RP9: 3/29/2015 2:38:00 PM - Windows Update
RP10: 3/30/2015 7:13:11 PM - Removed RainCAD 2014 AutoCAD Edition
RP11: 3/30/2015 7:40:31 PM - Installed RainCAD 2014 AutoCAD Edition
RP12: 3/31/2015 8:40:34 AM - DCInstallRestorePoint
RP13: 3/31/2015 6:50:02 PM - Removed RainCAD 2014 AutoCAD Edition
RP14: 3/31/2015 7:17:56 PM - Installed DirectX
RP15: 3/31/2015 7:32:25 PM - Installed RainCAD 2014 AutoCAD Edition
RP16: 3/31/2015 7:47:05 PM - Removed RainCAD 2014 AutoCAD Edition
RP17: 3/31/2015 7:48:28 PM - Installed RainCAD 2014 AutoCAD Edition
RP18: 3/31/2015 9:49:47 PM - Removed RainCAD 2014 AutoCAD Edition
RP19: 3/31/2015 11:08:38 PM - Installed RainCAD 2014 AutoCAD Edition
RP20: 4/5/2015 12:05:10 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader XI (11.0.10) MUI
AutoCAD Architecture 2014 - English
AutoCAD Architecture 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD Architecture 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk ReCap
Autodesk ReCap Language Pack-English
Create Recovery Media
DisplayLink Core Software
Dolby Home Theater v4
Dropbox 15 GB
FARO LS 1.1.501.0 (64bit)
Integrated Camera
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) Technology Access
Intel(R) Update Manager
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1450.402)
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Lenovo Auto Scroll Utility
Lenovo Communications Utility
Lenovo Peer Connect SDK
Lenovo Power Management Driver
Lenovo PowerENGAGE
Lenovo QuickControl
Lenovo Solution Center
Lenovo System Update
Lenovo USB Graphics
Lenovo USB3.0 to DVI VGA Monitor Adapter
Lenovo User Guide
Lenovo Warranty Information
Malwarebytes Anti-Malware version 2.1.4.1018
McAfee LiveSafe – Internet Security
Message Center Plus
Metric Collection SDK
Metric Collection SDK 35
Microsoft .NET Framework 4.5.2
Microsoft Mouse and Keyboard Center
Microsoft Office
Microsoft OneDrive
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
mystartsearch uninstall
Nitro Pro 9
On Screen Display
Power Manager
RainCAD 2014 AutoCAD Edition
REACHit
Realtek Card Reader
Realtek High Definition Audio Driver
searchult
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
SHAREit
SketchUp Import for AutoCAD 2014
Synaptics Pointing Device Driver
Thinkpad USB Ethernet Adapter Driver
ThinkVantage Active Protection System
Windows Driver Package - Intel (e1dexpress) Net (07/15/2014 12.12.50.7202)
Windows Driver Package - Intel Corporation (iaStorA) HDC (11/06/2014 13.6.0.1002)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03)
.
==== Event Viewer Messages From Past Week ========
.
4/6/2015 12:57:47 AM, Error: Service Control Manager [7000] - The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: The system cannot find the file specified.
4/6/2015 12:55:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/6/2015 12:51:42 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:44:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/6/2015 12:44:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/6/2015 12:41:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
4/6/2015 12:41:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
4/6/2015 12:39:43 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/6/2015 12:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/6/2015 12:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/6/2015 12:37:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/6/2015 12:37:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2015 12:37:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/6/2015 12:37:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache mfehidk MpFilter ndisrd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee AP Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/6/2015 12:37:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
4/5/2015 9:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
4/5/2015 8:16:49 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86387 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->23.101.187.68:123) is working properly.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 8:13:09 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2015 11:53:47 PM, Error: Service Control Manager [7034] - The Left Button Alt Key service terminated unexpectedly. It has done this 1 time(s).
4/5/2015 10:26:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.1816.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/5/2015 10:26:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.1816.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/5/2015 10:26:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.1816.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.11502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/5/2015 10:26:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/5/2015 10:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/1/2015 1:19:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Jorge-Laptop\Jorge SID (S-1-5-21-955408211-1274062800-1626228517-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/1/2015 1:19:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Jorge-Laptop\Jorge SID (S-1-5-21-955408211-1274062800-1626228517-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/30/2015 6:59:15 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================
javcal
Active Member
 
Posts: 6
Joined: April 5th, 2015, 4:08 am

Re: Malware/Adware Browser

Unread postby wannabeageek » April 5th, 2015, 4:00 pm

Hello javcal, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby wannabeageek » April 5th, 2015, 5:25 pm

Hi javcal,

Please run the following and post each log separately.

Step 1.
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Step 2.
codecheck
  • Please download codecheck from here and save it to your Desktop.
  • Right-click codecheck.exe > select " Run as administrator "
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.


Step 3.
Download and run MGA Diagnostic Tool
This tool will aid us in determining what additional steps will need to be performed.

  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.



Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....




What I need back from you:
Post each separately.
  1. Contents of CKFiles.txt
  2. Contents of codecheck.txt
  3. Contents of MGA results
  4. Answers to my question related to type of computer use.
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby javcal » April 6th, 2015, 10:57 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.RSNAJZ
----- EOF -----
Codecheck Version 1.0

04007
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-MV8MH-98QJM-24367
Windows Product Key Hash: wgci5Gdejx4esg7++zTOe3LWF+4=
Windows Product ID: 00371-OEM-8992671-00437
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {23981B60-AE9A-475A-A81A-F4DE3E367104}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.150202-1521
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{23981B60-AE9A-475A-A81A-F4DE3E367104}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-24367</PKey><PID>00371-OEM-8992671-00437</PID><PIDType>2</PIDType><SID>S-1-5-21-955408211-1274062800-1626228517</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>20BXCTO1WW</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>JBET46WW (1.11 )</Version><SMBIOSVersion major="2" minor="7"/><Date>20150302000000.000000+000</Date></BIOS><HWID>F25A0300018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-JB </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700437-02-1033-7601.0000-0782015
Installation ID: 001793462384227134257020246520848474166181059924339212
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 24367
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 4/7/2015 7:40:45 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:31:2015 22:10
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAAAAQABAAEAAAABAAAABAABAAEA6GHkA3zVYltiqZ5MONtMOnriSqi6LA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-JB
FACP LENOVO TP-JB
HPET LENOVO TP-JB
MCFG LENOVO TP-JB
SLIC LENOVO TP-JB
ASF! LENOVO TP-JB
ECDT LENOVO TP-JB
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
SSDT LENOVO TP-SSDT1
PCCT LENOVO TP-JB
SSDT LENOVO TP-SSDT1
TCPA PTL LENOVO
SSDT LENOVO TP-SSDT1
UEFI LENOVO TP-JB
MSDM LENOVO TP-JB
BATB LENOVO TP-JB
FPDT LENOVO TP-JB
UEFI LENOVO TP-JB
SSDT LENOVO TP-SSDT1

This computer is for home use and has no business purpose and is not connected to business or educational network.

I didn't have any problems executing the instructions.

Thanks.
javcal
Active Member
 
Posts: 6
Joined: April 5th, 2015, 4:08 am

Re: Malware/Adware Browser

Unread postby wannabeageek » April 7th, 2015, 1:23 am

Hi Javcal,

TSG - SysInfo utility
  • Right mouse click on this link: SysInfo utility
  • Select from the pop up box:
    "Save link as..."
  • From the left panel of the pop up box, scroll up and select desktop.
  • Click the "Save" button.
From your desktop:
  • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Right click, select copy and then paste in your next post.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby javcal » April 7th, 2015, 10:25 am

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, Intel64 Family 6 Model 61 Stepping 4
Processor Count: 4
RAM: 3792 Mb
Graphics Card: Intel(R) HD Graphics 5500, 1024 Mb
Hard Drives: C: Total - 219844 MB, Free - 164480 MB; Q: Total - 15682 MB, Free - 4927 MB;
Motherboard: LENOVO, 20BXCTO1WW
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
javcal
Active Member
 
Posts: 6
Joined: April 5th, 2015, 4:08 am

Re: Malware/Adware Browser

Unread postby wannabeageek » April 9th, 2015, 11:29 pm

Hi javcal,

Sorry for the late reply.

Maybe you could clarify a few things for me. In an earlier post you said you were not a business nor connected to an educational institution. Yet the software below is totally business oriented. I know this because I once worked for a corporation in the field of aviation and the licensed copy of AutoCad in the aeronautics field for 5 engineers was quite costly. This was only one of many programs purchased in support of the company.
Now I did some looking and could not find a free download for AutoCAD Architecture 2014 except for students & educators, which you said you were not.
"This computer is for home use and has no business purpose and is not connected to business or educational network."

Then there is the FARO Laser Scanner software installed implying you have one of these devices. The device depicted at the linked web site implicates this is for a business; albeit private or public.
RainCad is sold as a commercial application only. Yet you claim not to be in business.

AutoCAD Architecture 2014 - English

FARO LS 1.1.501.0 (64bit)

RainCAD 2014 AutoCAD Edition

RainCAD™ - Landscape and Irrigation Design Software For Professionals

So could you explain again how you are not a business, please.
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby javcal » April 10th, 2015, 2:39 am

I bought this computer with my own money and use it at home for personal use. Faro LS came installed with the computer, I guess. The Raincad and Autocad are trials.
javcal
Active Member
 
Posts: 6
Joined: April 5th, 2015, 4:08 am

Re: Malware/Adware Browser

Unread postby wannabeageek » April 11th, 2015, 1:25 am

We will get back to the trials software issue.
In the meantime, tell me about your computer.
Make:
Model:
When you bought it:
Who you bought it from:
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby wannabeageek » April 13th, 2015, 10:49 pm

Hi javcal.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware/Adware Browser

Unread postby NonSuch » April 15th, 2015, 3:08 pm

In addition to your failure to respond within the allotted time frame, your topic is being closed for one or more of the following reasons:

  1. Use of cracked, illegal or pirated software.
  2. Use of outdated or unpatched versions of Windows.
  3. Posting for help for a business use computer.
  4. Posting in multiple malware removal forums for the same computer issue.

This topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California