Malware issues


  • This topic is locked
31 replies to this topic

#1 Greenmachine1a

Greenmachine1a

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 17 September 2013 - 04:06 AM

Hey guys, I am new to the forum. I am having some problems with malware and would appreciate some input. I have found that a number of desktop icons have disappeared. I was not able to see any of my documents, files, photos, etc.

I have run unhide and malwarebytes anti-malware etc.

I have tried multiple times to run various versions of rkill with no luck.

Some files are now visible but display a fake security message when I attempt to open them.

Word docs, Excel docs, etc. refuse to open altogether. The same files open when copied and opened on other computers.

System Windows 7 64bit.

Open to any suggestions.





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 17 September 2013 - 04:10 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 17 September 2013 - 07:48 AM

Hi, I have downloaded and run DDS. It did not install any desktop shortcut or save any files to the desktop.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:06 AM

Posted 17 September 2013 - 07:50 AM

Then we try another thing:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#5 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 17 September 2013 - 08:02 AM

Logs as requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Jeremy (administrator) on JEREMY-PC on 17-09-2013 13:59:04
Running from C:\Windows\SysWOW64\config\systemprofile\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
() C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Broadband to Go\Broadband to Go\LoggerServer.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Wistron Corp.) C:\Program Files\Launch Manager\HotkeyApp.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TorchMedia Inc.) C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-17] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-17] (Synaptics)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-07-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-06] (Lenovo)
HKLM\...\Run: [MouseDriver] - C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [x]
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-06] (Lenovo)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] - C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-15] ()
HKLM-x32\...\Run: [MFARestart] - "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg [x]
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll  [222504 2009-05-13] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL  c:\progra~3\ffdsho~1\261123~1.78\{16cdf~1\ffdsho~1.dll c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll [ ] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Jeremy\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Jeremy\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll (Status Winks)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Download Energy Toolbar - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
Tcpip\..\Interfaces\{0591EB19-FD27-4C0C-9289-721FE2D888FA}: [NameServer]212.129.64.220 212.129.64.221
Tcpip\..\Interfaces\{6FABA535-5684-4173-8F28-04776224E231}: [NameServer]212.129.64.220 212.129.64.221
Tcpip\..\Interfaces\{89FC917E-DC4C-47FF-A292-F9D94DF0B217}: [NameServer]212.129.64.220 212.129.64.221
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 BecHelperService; C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe [1850768 2011-07-08] ()
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 HPSLPSVC; C:\Users\Jeremy\AppData\Local\Temp\7zS0B21\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2009-06-15] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-06-23] (Macrovision Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [740968 2009-06-23] (National Instruments Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [4393320 2013-09-15] (Reimage®)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
R2 TorchCrashHandler; C:\Users\Jeremy\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205088 2013-07-10] (TorchMedia Inc.)
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search)
R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros)
S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [27256 2013-09-15] (Symantec Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-17] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3532160 2011-10-11] (Sonix Technology Co., Ltd.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-17 13:58 - 2013-09-17 13:58 - 00000000 ____D C:\FRST
2013-09-17 13:35 - 2013-09-17 13:35 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-196541456-3721787801-3454904004-1000
2013-09-16 11:11 - 2013-09-16 11:12 - 00000702 _____ C:\Windows\system32\config\systemprofile\Desktop\Rkill.txt
2013-09-15 02:45 - 2013-09-15 02:44 - 01038464 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\rkill64.exe
2013-09-15 02:45 - 2013-09-15 02:42 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\risky.exe
2013-09-15 02:45 - 2012-11-17 21:46 - 00088640 _____ (Spotify Ltd) C:\Windows\system32\config\systemprofile\Desktop\SpotifySetup.exe
2013-09-15 02:45 - 2012-11-17 20:06 - 05282888 _____ (Microsoft) C:\Windows\system32\config\systemprofile\Desktop\SolarWallpaper enIE.exe
2013-09-15 02:45 - 2012-11-06 13:02 - 00294401 _____ C:\Windows\system32\config\systemprofile\Desktop\TEAM 38.pptx
2013-09-15 02:44 - 2013-09-15 02:40 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\smackss.com
2013-09-15 02:37 - 2013-09-15 02:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\candy.exe
2013-09-15 00:06 - 2013-09-15 00:06 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixTDSS.sys
2013-09-15 00:06 - 2013-09-15 00:06 - 00000000 ____D C:\FixTDSS
2013-09-14 22:04 - 2013-09-14 22:03 - 00018008 _____ C:\Windows\system32\config\systemprofile\Desktop\panda.exe.htm
2013-09-14 22:00 - 2013-09-14 21:58 - 00018624 _____ C:\Windows\system32\config\systemprofile\Desktop\iexplorer.exe.htm
2013-09-14 19:12 - 2013-09-14 19:12 - 00003440 _____ C:\Windows\System32\Tasks\Reimage Reminder
2013-09-14 19:11 - 2013-09-14 19:12 - 00000154 _____ C:\Windows\Reimage.ini
2013-09-14 19:11 - 2013-09-14 19:12 - 00000000 ____D C:\rei
2013-09-14 19:11 - 2013-09-14 19:11 - 00000000 ____D C:\Program Files\Reimage
2013-09-12 10:33 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 10:33 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 10:33 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 10:33 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 10:33 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 10:33 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 10:33 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 10:33 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 10:33 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 10:33 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 10:33 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 10:33 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 10:33 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:33 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 19:58 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 19:58 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 19:58 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 19:58 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 19:58 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 19:58 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 19:58 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 19:58 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 19:58 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 19:58 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 19:58 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 19:58 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 19:58 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 19:58 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 19:58 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 19:58 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 19:58 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 19:58 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 19:58 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 19:58 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 19:58 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 19:58 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 19:58 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 19:58 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 19:58 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 19:58 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 19:58 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 17:27 - 2013-09-10 17:27 - 00000000 _____ C:\Windows\SysWOW64\FAP5F61.tmp
2013-09-05 07:20 - 2013-09-15 02:11 - 00000951 _____ C:\Windows\system32\config\systemprofile\Desktop\Monthly Spreadsheet (2).lnk
2013-09-05 06:37 - 2013-09-15 00:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 06:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 20:14 - 2013-09-17 13:35 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-196541456-3721787801-3454904004-1000
2013-09-04 20:13 - 2013-09-17 13:35 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-09-04 15:54 - 2013-09-15 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 15:01 - 2013-09-04 15:01 - 00000774 _____ C:\Windows\SysWOW64\debug.log
2013-08-31 13:11 - 2013-09-05 06:17 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
 
==================== One Month Modified Files and Folders =======
 
2013-09-17 13:58 - 2013-09-17 13:58 - 00000000 ____D C:\FRST
2013-09-17 13:53 - 2012-07-06 05:55 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 13:44 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:44 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 13:42 - 2012-08-21 16:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 13:41 - 2012-07-06 05:29 - 01180399 _____ C:\Windows\WindowsUpdate.log
2013-09-17 13:35 - 2013-09-17 13:35 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-196541456-3721787801-3454904004-1000
2013-09-17 13:35 - 2013-09-04 20:14 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-196541456-3721787801-3454904004-1000
2013-09-17 13:35 - 2013-09-04 20:13 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-09-17 13:34 - 2013-01-31 17:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-17 13:34 - 2012-08-15 04:40 - 02875894 _____ C:\FaceProv.log
2013-09-17 13:34 - 2012-07-06 05:57 - 00083458 _____ C:\Windows\system32\fastboot.set
2013-09-17 13:34 - 2012-07-06 05:55 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 13:34 - 2012-07-06 05:42 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-17 13:33 - 2013-06-08 13:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-09-17 13:33 - 2013-06-03 21:23 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-17 13:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 13:33 - 2009-07-14 05:51 - 00116779 _____ C:\Windows\setupact.log
2013-09-17 09:53 - 2012-09-03 00:15 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-09-16 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-09-16 11:12 - 2013-09-16 11:11 - 00000702 _____ C:\Windows\system32\config\systemprofile\Desktop\Rkill.txt
2013-09-15 19:49 - 2013-09-04 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-15 11:53 - 2010-11-21 04:47 - 00125456 _____ C:\Windows\PFRO.log
2013-09-15 02:44 - 2013-09-15 02:45 - 01038464 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\rkill64.exe
2013-09-15 02:42 - 2013-09-15 02:45 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\risky.exe
2013-09-15 02:40 - 2013-09-15 02:44 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\smackss.com
2013-09-15 02:29 - 2013-09-15 02:37 - 01898112 _____ (Bleeping Computer, LLC) C:\Windows\system32\config\systemprofile\Desktop\candy.exe
2013-09-15 02:11 - 2013-09-05 07:20 - 00000951 _____ C:\Windows\system32\config\systemprofile\Desktop\Monthly Spreadsheet (2).lnk
2013-09-15 00:49 - 2013-09-05 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 00:06 - 2013-09-15 00:06 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixTDSS.sys
2013-09-15 00:06 - 2013-09-15 00:06 - 00000000 ____D C:\FixTDSS
2013-09-14 23:07 - 2013-07-16 12:28 - 00000000 ____D C:\Program Files (x86)\Movies Toolbar
2013-09-14 22:03 - 2013-09-14 22:04 - 00018008 _____ C:\Windows\system32\config\systemprofile\Desktop\panda.exe.htm
2013-09-14 21:58 - 2013-09-14 22:00 - 00018624 _____ C:\Windows\system32\config\systemprofile\Desktop\iexplorer.exe.htm
2013-09-14 19:12 - 2013-09-14 19:12 - 00003440 _____ C:\Windows\System32\Tasks\Reimage Reminder
2013-09-14 19:12 - 2013-09-14 19:11 - 00000154 _____ C:\Windows\Reimage.ini
2013-09-14 19:12 - 2013-09-14 19:11 - 00000000 ____D C:\rei
2013-09-14 19:11 - 2013-09-14 19:11 - 00000000 ____D C:\Program Files\Reimage
2013-09-13 11:42 - 2012-08-21 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 11:42 - 2012-08-21 16:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 11:42 - 2012-08-21 16:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 10:22 - 2013-02-14 20:53 - 00000450 ____H C:\Windows\Tasks\Norton Security Scan for Jeremy.job
2013-09-12 22:31 - 2009-07-14 05:45 - 00353256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 10:33 - 2013-08-15 17:25 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 10:33 - 2012-10-13 21:16 - 00829298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 10:33 - 2012-10-13 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 10:31 - 2012-09-19 08:16 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 15:15 - 2012-07-06 05:42 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-11 06:13 - 2012-10-22 21:55 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-09-11 06:13 - 2011-02-24 18:04 - 88735744 _____ C:\Windows\system32\config\RegBack\SOFTWARE
2013-09-11 06:13 - 2011-02-24 18:04 - 19562496 _____ C:\Windows\system32\config\RegBack\SYSTEM
2013-09-11 06:13 - 2011-02-24 18:04 - 00679936 _____ C:\Windows\system32\config\RegBack\DEFAULT
2013-09-11 06:13 - 2011-02-24 18:04 - 00032768 _____ C:\Windows\system32\config\RegBack\SAM
2013-09-11 06:13 - 2011-02-24 18:04 - 00028672 _____ C:\Windows\system32\config\RegBack\SECURITY
2013-09-10 17:27 - 2013-09-10 17:27 - 00000000 _____ C:\Windows\SysWOW64\FAP5F61.tmp
2013-09-05 11:42 - 2012-10-30 02:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-05 06:17 - 2013-08-31 13:11 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-09-04 15:02 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-04 15:01 - 2013-09-04 15:01 - 00000774 _____ C:\Windows\SysWOW64\debug.log
2013-08-28 15:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-23 13:03 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-22 11:48 - 2012-08-27 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-21 21:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 06:13
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by Jeremy at 2013-09-17 13:59:31
Running from C:\Windows\SysWOW64\config\systemprofile\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (x32 Version: 3.3.0.29625)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Advanced Word to Pdf Converter Free 5.0 (x32)
Alcor Micro USB Card Reader (x32 Version: 3.7.42.71192)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Bluetooth Suite (64) (Version: 7.4.0.103)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.9.9)
Atheros WLAN Client Installation Program (x32 Version: 7.0)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Bomber Mario (x32 Version: 1.0)
Bonjour (Version: 3.0.0.10)
Broadband to Go (x32 Version: 1.0.0)
Canon Inkjet Printer Driver Add-On Module V2.00
Complitly (x32)
Convert DOC to PDF For Word 3.50 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11)
Download Energy Toolbar (x32 Version: 6.9.0.16)
Energy Management (x32 Version: 7.0.4.1)
ffdshow manager (x32)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
Free PS Convert driver 8.15 (x32)
GanttProject (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Haali Media Splitter (x32)
HTC Driver Installer (x32 Version: 4.2.0.001)
HTC Sync Manager (x32 Version: 2.0.60.0)
Huawei modem (x32)
iLivid (x32 Version: 4.0.0.3276)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35132)
Intel® Management Engine Components (x32 Version: 8.0.0.1351)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2712)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
IPTInstaller (x32 Version: 4.0.8)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 1.0.1)
Lenovo EasyCamera (x32 Version: 5.8.56007.2)
Lenovo EE Boot Optimizer (Version: 0.0.1.9)
Lenovo OneKey Recovery (Version: 7.0.0.3712)
Lenovo OneKey Recovery (x32 Version: 7.0.0.3712)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo Welcome (x32 Version: 3.1.0011.00)
Lenovo YouCam (x32 Version: 3.1.3728)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft MSDN 2005 Express Edition - ENU (x32 Version: 1.16.50727.42)
Microsoft MSDN 2005 Express Edition - ENU (x32)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2008 (x32)
Microsoft SQL Server 2008 Browser (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Objects (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (x32 Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Database Publishing Wizard 1.3 (x32 Version: 10.0.1600.22)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)
Microsoft Visual Basic 2005 Express Edition - ENU (x32 Version: 8.0.50728)
Microsoft Visual Basic 2005 Express Edition - ENU (x32)
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747) (x32 Version: 1)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (x32)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (x32)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (x32)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.50727.42)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (x32 Version: 1)
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066)
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729)
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (x32)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
National Instruments Software (x32 Version: )
NI Assistant Framework (x32 Version: 6.5.191.0)
NI Assistant Framework 64-bit (Version: 6.5.62.0)
NI Assistant Framework LabVIEW 2009 Support (x32 Version: 6.5.112.0)
NI Assistant Framework LabVIEW Code Generator 2009 (x32 Version: 6.5.121.0)
NI CodeSignAPI (x32 Version: 2.70.346)
NI DataSocket 4.7.0 (64-bit) (Version: 4.7.39.0)
NI DataSocket 4.7.0 (x32 Version: 4.7.82.0)
NI Distributed System Manager 2009 (x32 Version: 9.0.146.0)
NI EULA Depot (x32 Version: 2.70.346)
NI Example Finder 9.0 (x32 Version: 9.0.136.0)
NI Help Assistant (64bit) (Version: 1.0.10)
NI Help Assistant (x32 Version: 1.0.10)
NI Instrument IO Assistant for LabVIEW 9.0 32 (x32 Version: 1.0.49.0)
NI LabVIEW 2009 (x32 Version: 9.0.258.0)
NI LabVIEW 2009 Applibs (x32 Version: 9.0.261.0)
NI LabVIEW 2009 CINtools (x32 Version: 9.0.260.0)
NI LabVIEW 2009 Deployment Framework (x32 Version: 9.0.5.0)
NI LabVIEW 2009 Examples (x32 Version: 9.0.260.0)
NI LabVIEW 2009 gMath (x32 Version: 9.0.255.0)
NI LabVIEW 2009 Help (x32 Version: 9.0.255.0)
NI LabVIEW 2009 Help File (x32 Version: 9.0.261.0)
NI LabVIEW 2009 Instr.lib (x32 Version: 9.0.260.0)
NI LabVIEW 2009 License (x32 Version: 9.0.253.0)
NI LabVIEW 2009 Manuals (x32 Version: 9.0.254.0)
NI LabVIEW 2009 MeasAppChm File (x32 Version: 9.0.259.0)
NI LabVIEW 2009 Menus (x32 Version: 9.0.260.0)
NI LabVIEW 2009 Project (x32 Version: 9.0.260.0)
NI LabVIEW 2009 Web Server (x32 Version: 9.0.180.0)
NI LabVIEW Broker (64 bit) (Version: 6.7.21.0)
NI LabVIEW Broker (x32 Version: 6.7.21.0)
NI LabVIEW C Interface (x32 Version: 1.0.1)
NI LabVIEW Compare Utility 9.0.0 (x32 Version: 9.0.108.0)
NI LabVIEW Deployable License 2009 (x32 Version: 9.0.253.0)
NI LabVIEW MAX XML (x32 Version: 9.0.6.0)
NI LabVIEW Merge Utility 9.0.0 (x32 Version: 9.0.148.0)
NI LabVIEW Real-Time Error Dialog (x32 Version: 8.5.294.0)
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0)
NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.221.0)
NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.266.0)
NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.22.0)
NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0)
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0)
NI LabVIEW Web Services Runtime (x32 Version: 9.0.176.0)
NI LabWindows/CVI 9.0 Run-Time Engine (x32 Version: 9.0.0355)
NI LabWindows/CVI Code Generator (x32 Version: 9.0.1376)
NI LabWindows/CVI DLL Builder for LabVIEW (x32 Version: 9.0.1376)
NI License Manager (x32 Version: 3.4.25)
NI Logos 5.1 (x32 Version: 5.1.118.0)
NI Logos LabVIEW 2009 Support (x32 Version: 9.0.253.0)
NI Logos XT Support (x32 Version: 5.1.66.0)
NI Logos64 5.1 (Version: 5.1.71.0)
NI Logos64 XT Support (Version: 5.1.63.0)
NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0)
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0)
NI Math Kernel Libraries (x32 Version: 1.0.28.0)
NI Math Kernel Libraries (x32 Version: 1.0.861.0)
NI MAX LabVIEW Support 4.6.0 (x32 Version: 4.60.49153)
NI MAX Remote Configuration Installer 4.6 (x32 Version: 4.60.49152)
NI MAX Support for 64 Bit Windows (Version: 4.60.49153)
NI MDF Support (x32 Version: 2.70.346)
NI Measurement & Automation Explorer 4.6.0 (x32 Version: 4.60.49153)
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101)
NI MXS 4.6.0 (x32 Version: 4.60.49152)
NI MXS 4.6.0 for 64 Bit Windows (Version: 4.60.49152)
NI MXS 4.6.0f0 for LabVIEW Real-Time (x32 Version: 4.60.49152)
NI OPC Support (x32 Version: 9.0.35.0)
NI Portable Configuration 4.6.0 (x32 Version: 4.60.49152)
NI Portable Configuration Help for 64 Bit Windows 4.6.0 (Version: 4.60.49152)
NI Registration Wizard (x32 Version: 1.2.71)
NI Remote Provider for MAX 4.6.0 (x32 Version: 4.60.49152)
NI Remote PXI Provider for MAX 4.6.0 (x32 Version: 4.60.49152)
NI Software Provider for MAX 4.6.0 (x32 Version: 4.60.49152)
NI SSL Support (64-bit) (Version: 9.0.11.0)
NI SSL Support (x32 Version: 9.0.5.0)
NI System API RT (x32 Version: 1.0.45.0)
NI System API Windows 32-bit (x32 Version: 1.0.48.0)
NI System API Windows 64-bit (Version: 1.0.41.0)
NI System State Publisher (64-bit) (Version: 9.0.128.0)
NI System State Publisher (x32 Version: 9.0.150.0)
NI TDM Excel Add-In 2.1 (x32 Version: 2.1.37.0)
NI Trace Engine (64-bit) (Version: 9.0.128.0)
NI Trace Engine (x32 Version: 9.0.146.0)
NI Uninstaller (x32 Version: 2.70.346)
NI USI 1.7.0 (x32 Version: 1.7.03805)
NI USI 1.7.0 64-Bit (Version: 1.7.03805)
NI Variable Engine (64-bit) (Version: 2.3.26.0)
NI Variable Engine 2.3.0 (x32 Version: 2.3.59.0)
NI Variable Engine LabVIEW 2009 Support (x32 Version: 9.0.253.0)
NI VC2005MSMs x64 (Version: 8.01.5)
NI VC2005MSMs x86 (x32 Version: 8.01.5)
NI VC2008MSMs x64 (Version: 9.0.100)
NI VC2008MSMs x86 (x32 Version: 9.0.100)
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0)
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0)
NI Xalan Delay Load 1.10.1 (x32 Version: 1.10.46.0)
NI Xalan Delay Load 1.10.1 64-bit (Version: 1.10.47.0)
NI Xerces Delay Load 2.7.1 (x32 Version: 2.7.123.0)
NI Xerces Delay Load 2.7.1 64-bit (Version: 2.7.128.0)
NI-DAQmx - LabVIEW shared documentation (x32 Version: 1.50.49152)
NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0 (Version: 1.50.49152)
Norton Security Scan (x32 Version: 3.7.6.5)
ooVoo (x32 Version: 2.2.4.25)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.15 (x32 Version: 12.15.1748)
Opera Stable 15.0.1147.148 (x32 Version: 15.0.1147.148)
PartyPoker (x32)
Power2Go (x32 Version: 5.6.0.7303)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6549)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Reimage Repair (Version: 1.6.4.3)
Safari (x32 Version: 5.34.57.2)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.3 (x32 Version: 6.3.105)
Smiley Bar for Facebook (x32 Version: 1.0.0.3)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22)
SQL Server System CLR Types (x32 Version: 10.0.1600.22)
SugarSync Manager (x32 Version: 1.9.96.111090)
Synaptics Pointing Device Driver (Version: 16.0.5.3)
TextPad 6 (x32 Version: 6.2.2)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232) (x32 Version: 1)
Update for Microsoft Visual Studio Web Authoring Component (KB945140) (x32)
UserGuide (x32 Version: 1.0.0.6)
uTorrentControl_v2 Toolbar (x32 Version: 6.9.0.16)
VeriFace (x32 Version: 4.0.1.1230)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.3 (x32 Version: 2.0.3)
WeatherBug Alert (x32 Version: 1.3.0.1)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (Version: 12/15/2011 7.1.0.1)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net  (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234)
Windows Driver Package - Qualcomm Atheros Communications Inc. Net  (03/11/2013 10.0.0.234) (Version: 03/11/2013 10.0.0.234)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
 
==================== Restore Points  =========================
 
28-08-2013 04:22:51 Windows Update
01-09-2013 18:00:18 Windows Backup
03-09-2013 06:42:34 Windows Update
06-09-2013 10:42:12 Windows Update
09-09-2013 17:55:37 Windows Backup
10-09-2013 16:20:53 Windows Update
12-09-2013 09:26:01 Windows Update
16-09-2013 10:18:37 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {147DF704-6A9D-4209-8F15-4199A31BA7DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {1676D78A-9056-4DB5-AEFF-1BDCE50FCE6C} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Task: {17E392CC-AE83-4F56-81F0-DB4B5C250A19} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {1C4E87ED-45FE-497E-9321-0FD19060DD5D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-196541456-3721787801-3454904004-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {315A53E0-B43A-4126-95E2-ADA3E90A2D92} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe
Task: {364614ED-0E03-472F-B4C4-DC9F690E0AFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {3D43CC68-9A72-4EA5-9DCC-B99BD9D321A1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {47468941-D3CD-4D21-9DF0-7BF2DAC8CD62} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {502A21E5-331A-49EA-A968-C8E916A0E51F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {56D60765-96A2-4AD8-BE2F-60DE160F5C66} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {5942AEEB-182D-478B-9505-501F530D6DB4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5CFF27DB-A837-4B41-91CD-073B1F0527C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {8A56546D-FC56-4B99-B25E-17EFAAA7C255} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe
Task: {8F8F2D9F-77A7-4059-95BC-3DF490A77417} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {947C9874-5B31-4730-97D6-3C3B248A9153} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {A1351A5E-6E41-431B-95FE-4D0E61D6CCB0} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2013-09-15] (Reimage ltd.)
Task: {A1929623-8271-4257-835F-5A26984D0272} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-196541456-3721787801-3454904004-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A3612461-C358-49E0-B9B1-11B9E886E0B9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {AEAA091D-DC64-43E9-81E3-D61B533A8967} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B282F32A-E87D-45D3-9664-595B6CE5F662} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {BFB018BE-4DD6-4E66-B7FB-E755050C9ABD} - System32\Tasks\OFFICE2010ACT => C:\Windows\system32\OFFICEICON.vbs [2012-02-23] ()
Task: {C72C4081-CE2F-4EF4-8E1A-AA6F91F61A72} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D9C2E616-097A-433E-B9CE-51C150941985} - System32\Tasks\Norton Security Scan for Jeremy => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.6.5\Nss.exe [2012-10-22] (Symantec Corporation)
Task: {EB4A601C-2982-4DCB-B09F-9BC60E71C66F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {EDEE48AF-4422-4BF4-99DA-D7E65DE526F9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{62527B77-66D5-4767-90F4-DEC6D080D889}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BB9726A3-1582-4273-8060-F07D0CA65002}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\Norton Security Scan for Jeremy.job => C:\PROGRA~2\NORTON~2\Engine\376~1.5\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-14 23:52 - 2013-04-04 01:33 - 00482144 _____ (SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll
2012-07-06 05:55 - 2012-07-06 05:55 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-10-13 23:54 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-05-17 07:37 - 2012-03-26 10:37 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-05-17 07:36 - 2012-03-26 10:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-06 05:35 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-07-06 05:35 - 2012-01-02 06:25 - 03747944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2012-05-17 10:09 - 2012-04-17 21:07 - 00727312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2012-05-17 10:10 - 2012-04-17 21:07 - 00229648 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2012-05-17 10:10 - 2012-04-17 21:07 - 00060688 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2008-12-20 11:20 - 2012-07-06 05:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-20 00:22 - 2012-07-06 05:56 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 11:20 - 2012-07-06 05:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-12-21 01:01 - 2011-12-21 01:01 - 01079648 _____ (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4c.dll
2011-12-21 01:01 - 2011-12-21 01:01 - 00034656 _____ (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\Dolby.Interop.dll
2012-07-06 05:35 - 2011-05-02 07:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2011-12-21 01:00 - 2011-12-21 01:00 - 00018784 _____ (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\en-US\pcee4c.resources.dll
 
 
==================== Faulty Device Manager Devices =============
 
Name: Atheros AR3011 Bluetooth 3.0
Description: Atheros AR3011 Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2013 01:36:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 01:36:02 PM) (Source: NI Variable Engine) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\National Instruments\Shared\Tagger\ni_tagger_plugin_mxs.dll: Failure to load plugin: Unexpected Error: Unable to get the Interface from the plug-in.
 
Error: (09/17/2013 01:36:02 PM) (Source: NI Variable Engine) (User: NT AUTHORITY)
Description: Unable to load the MXS configuration plugIn: Failed to get MAX Configuration interface: 0x8007007e
 
Error: (09/17/2013 01:33:52 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Jeremy-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (09/17/2013 08:35:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 08:34:41 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: The log scan number (290:192:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.
 
Error: (09/17/2013 08:34:10 AM) (Source: NI Variable Engine) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\National Instruments\Shared\Tagger\ni_tagger_plugin_mxs.dll: Failure to load plugin: Unexpected Error: Unable to get the Interface from the plug-in.
 
Error: (09/17/2013 08:34:10 AM) (Source: NI Variable Engine) (User: NT AUTHORITY)
Description: Unable to load the MXS configuration plugIn: Failed to get MAX Configuration interface: 0x8007007e
 
Error: (09/17/2013 08:33:36 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Jeremy-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (09/17/2013 06:12:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/17/2013 01:35:52 PM) (Source: Service Control Manager) (User: )
Description: The NI Configuration Manager service terminated with service-specific error %%-1.
 
Error: (09/17/2013 01:35:51 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error: 
%%1053
 
Error: (09/17/2013 01:35:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
 
Error: (09/17/2013 01:34:13 PM) (Source: Service Control Manager) (User: )
Description: The ffdshow manager service failed to start due to the following error: 
%%2
 
Error: (09/17/2013 08:34:43 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.
 
Error: (09/17/2013 08:34:01 AM) (Source: Service Control Manager) (User: )
Description: The NI Configuration Manager service terminated with service-specific error %%-1.
 
Error: (09/17/2013 08:33:25 AM) (Source: Service Control Manager) (User: )
Description: The ffdshow manager service failed to start due to the following error: 
%%2
 
Error: (09/17/2013 06:11:44 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.
 
Error: (09/17/2013 06:11:11 AM) (Source: Service Control Manager) (User: )
Description: The NI Configuration Manager service terminated with service-specific error %%-1.
 
Error: (09/17/2013 06:09:51 AM) (Source: Service Control Manager) (User: )
Description: The ffdshow manager service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2013 03:45:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 5991.41 MB
Available physical RAM: 3794.57 MB
Total Pagefile: 11981 MB
Available Pagefile: 9291.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:627.56 GB) (Free:421.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:0 GB) NTFS
Drive h: (DESPICABLE_ME) (CDROM) (Total:6.7 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 45F7DF76)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=628 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)
 
==================== End Of Log ============================


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 September 2013 - 08:10 AM

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Download Energy Toolbar
McAfee Security Scan Plus
Norton Security Scan
Smiley Bar for Facebook
uTorrentControl_v2 Toolbar


Close the window.

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 17 September 2013 - 08:48 AM

Hi, I have managed to uninstall everything there except "McAfee Security Scan Plus". I have tried running the uninstall from the control panel and start menu to no avail.



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 September 2013 - 09:32 AM

Then proceed with Combofix.



#9 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 17 September 2013 - 10:29 AM

Okay, I have downloaded Combofix but stopped it as AVG was still active. I stopped AVG, but then could not find the file. I clicked the link again and it saved the file to the same directory as the original. When I attempted to run this it was unable to save a log. It gave a message saying the file name was not suitable. Because it was a copy of the original, its name ended with " [1]". I was not given the choice of running or saving the file when it came to downloading it.

I have attempted "show in folder" but can see nothing in folder.


Edited by Greenmachine1a, 17 September 2013 - 10:37 AM.


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 September 2013 - 10:36 AM

Normally, files will be downloaded into your "downloads" directory, see this Microsoft link:

 

http://windows.microsoft.com/en-us/windows-vista/find-a-file-you-have-downloaded

 

From there, move Combofix to the desktop as instructed and run it. If it fails to run due to the activity of AVG, uninstall AVG for the time being and proceed with Combofix.



#11 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 17 September 2013 - 10:56 AM

Hi, thanks for coming back so soon again. The problem is that it is indicating that the folder is empty. Clearly it is not, as it chose a new name for the 2nd copy of the file.



#12 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 17 September 2013 - 11:06 AM

ComboFix downloaded to

c:\windows\system32\config\systemprofile\downloads\ComboFix

however opening folder indicates it is empty



#13 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 17 September 2013 - 12:04 PM

AVG refuses to uninstall either because of a DLL error. I restarted computer and I am still getting the same error.  Message below

 

There is a problem with this Window Installer package.  A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.

 

Severity: Error

Error code: 0xC0070643

Error message: General internal error.

Additional message: MSI Engine: Failed to initialize the package.

@AVGMSI_Error 1723

There is a problem with this Windows Installer packgage. A DLL required for this install to complete could not be run. Contact

Context: Initialization, MSI action failed



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 18 September 2013 - 12:28 AM

Execute this FixIt! from Microsoft to reset your Internet Explorer settings - it shouldn't save the downloads to this folder but to your user profile's "download" directory:

 

http://go.microsoft.com/?linkid=9646978

 

When finished, download and run AVG remover and follow the instructions on the screen to remove the software:

 

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2012_2125.exe

 

 

When done, retry combofix.



#15 Greenmachine1a

Greenmachine1a
  • Topic Starter

  • Members
  • 18 posts

Posted 18 September 2013 - 08:38 AM

First link brings the message

"This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package."





