many infections it seems.


  • This topic is locked
12 replies to this topic

#1 stresskill


  • Members
  • 6 posts

Posted 22 March 2014 - 06:25 PM

I have a serious problem. Hijacked.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 1.6.0_33
Run by Joseph at 18:21:45 on 2014-03-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.15977.12712 [GMT -4:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Consumer Input\dca-ua.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=3E3E882C-5B62-417A-9933-7FA9E9074861
uProxyOverride = <local>
uURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
BHO: iminent Helper Object: {112BA211-334C-4A90-90EC-2AD1CDAB287C} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\bh\iminent.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Media View: {2164913f-439e-454c-9879-c9cd0d403993} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ie\MediaViewV1alpha2995.dll
BHO: Media View: {5e99b6a3-928b-47d5-ae2c-418f3d207d75} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ie\MediaViewV1alpha3872.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Iminent Toolbar: {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.28.3\iminentTlbr.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\CoIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Akamai NetSession Interface] "C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify] "C:\Users\Joseph\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
uRun: [GoogleChromeAutoLaunch_2DB0707BF60F636CCFF1ED8D4C17586C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Google Update] "C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Joseph\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" -UDCONNECT
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Joseph\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\Joseph\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORM~1.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORM~2.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704}\54C646562747E2E656470224F274F2E4 : DHCPNameServer = 172.17.0.5 167.206.254.1
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704}\64259445A51224F6870264F6E60275C414E40273131333 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704}\8424 : DHCPNameServer = 10.0.255.254
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79711892-828D-4314-90F5-521700A47704}\E45445745414253393 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN32965411428708271&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InternetHelper3.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN32965411428708271&UM=2&UP=SPDCEE7081-1E2B-483A-ACBB-9B02D012B3C1&SSPV=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN32965411428708271&UM=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Joseph\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-01-29 23:50; ext@MediaPlayerV1alpha250.net; C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha250\ff
FF - ExtSQL: 2014-02-05 02:09; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn
FF - ExtSQL: 2014-02-22 14:15; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF - ExtSQL: 2014-02-27 23:52; ext@MediaViewV1alpha2995.net; C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff
FF - ExtSQL: 2014-03-20 14:39; ext@MediaViewV1alpha3872.net; C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-6-22 29512]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-22 19224]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-6-22 28992]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-22 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys [2014-2-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys [2014-2-10 1139800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-30 50976]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-19 1526488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys [2014-2-10 169048]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [2014-1-30 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140228.001\IDSviA64.sys [2014-3-1 521944]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-6-22 249152]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys [2014-2-10 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys [2014-2-10 433752]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-1 659976]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-3-8 135952]
R2 ColorMunkiService;X-Rite Device ColorMunki;C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [2012-6-22 147968]
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [2012-6-25 98304]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-22 161560]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-6-22 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-6-22 133992]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2014-2-10 144368]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [2014-1-30 143928]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-6-22 101888]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2013-12-24 2905408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-12 382272]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-6-22 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-6-22 144960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-22 363800]
R2 Update SecretSauce;Update SecretSauce;C:\Program Files (x86)\SecretSauce\updateSecretSauce.exe [2013-12-6 348960]
R2 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-6-22 4563848]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-2 1759768]
R2 xritedeviced;X-Rite Device Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [2012-6-22 130048]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-6-22 216704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-1 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-6-22 163368]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-6-22 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-22 39976]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-6-22 320576]
R3 eppvad_simple;EPSON Projector UD Audio Device;C:\Windows\System32\drivers\EMP_UDAU.sys [2012-6-25 23040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-30 137648]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-22 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-22 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-6-22 1662560]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-31 32808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Util SecretSauce;Util SecretSauce;C:\Program Files (x86)\SecretSauce\bin\utilSecretSauce.exe [2013-12-25 348960]
S2 WinkHandler;WinkHandler;C:\Program Files (x86)\Iminent\WinkHandler.exe [2013-12-24 425792]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-1 195584]
S3 colormunki;colormunki;C:\Windows\System32\drivers\colormunki_x64.sys [2012-6-22 51600]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-6-22 1665120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-22 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-03-05 07:14:55 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9FC188A-E428-4EBD-B44F-84BFA061EA6C}\offreg.dll
2014-03-03 02:22:47 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-02-28 04:52:45 -------- d-----w- C:\Program Files (x86)\MediaViewV1
.
==================== Find3M  ====================
.
2014-03-03 02:21:57 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-02-10 05:25:06 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-28 02:54:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 18:22:13.72 ===============
 




#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 March 2014 - 11:04 AM

Hello stresskill,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan completes, click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

 

 

2.

Download and run Junkware Removal Tool. ***Your Anti-Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Things to include in your next reply:

AdwCleaner log

JRT.txt

FRST.txt

Addition.txt

How is the machine running now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 stresskill

  • Topic Starter

Posted 23 March 2014 - 01:07 PM

# AdwCleaner v3.022 - Report created 23/03/2014 at 13:35:50
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Joseph - W530
# Running from : C:\Users\Joseph\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
Service Deleted : SProtection
[#] Service Deleted : Update SecretSauce
[#] Service Deleted : Util SecretSauce
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\internethelper3.1
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
[!] Folder Deleted : C:\Users\Joseph\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Joseph\AppData\Local\Conduit
Folder Deleted : C:\Users\Joseph\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Joseph\AppData\Local\genienext
Folder Deleted : C:\Users\Joseph\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Joseph\AppData\Local\playnowradio
Folder Deleted : C:\Users\Joseph\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Joseph\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Joseph\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Joseph\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Joseph\AppData\Local\Temp\CT3289663
Folder Deleted : C:\Users\Joseph\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Joseph\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joseph\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Joseph\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Joseph\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Joseph\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Joseph\Documents\Mobogenie
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\Smartbar
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\CT3289663
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\END
File Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\IminentToolbar
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\IminentToolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
[ File : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\prefs.js ]
 
Line Deleted : user_pref("CT3289663.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_city", "HICKSVILLE");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3289663.1000234.TWC_locId", "USNY0653");
Line Deleted : user_pref("CT3289663.1000234.TWC_location", "Hicksville, NY");
Line Deleted : user_pref("CT3289663.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.FirstTime", "true");
Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289663.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN32965411428708271&UM=2&q=");
Line Deleted : user_pref("CT3289663.UserID", "UN32965411428708271");
Line Deleted : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.autoDisableScopes", -1);
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.defaultSearch", "true");
Line Deleted : user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289663.enableAlerts", "true");
Line Deleted : user_pref("CT3289663.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289663.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289663.fixUrls", true);
Line Deleted : user_pref("CT3289663.installDate", "13/6/2013 4:15:40");
Line Deleted : user_pref("CT3289663.installId", "stub.exe");
Line Deleted : user_pref("CT3289663.installSessionId", "{B04AF8BA-C2FB-4B0B-A7C6-B2ECBAE3277F}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289663.installUsage", "2014-01-19T05:32:41.0258406+03:00");
Line Deleted : user_pref("CT3289663.installUsageEarly", "2014-01-19T05:32:37.4633862+03:00");
Line Deleted : user_pref("CT3289663.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN32965411428708271&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line Deleted : user_pref("CT3289663.lastVersion", "10.16.2.9");
Line Deleted : user_pref("CT3289663.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://InternetHelper31.OurToolbar.com/\",\"E[...]
Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "about:home");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3289663.originalSearchEngine", "");
Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289663.search.searchAppId", "130067724014616498");
Line Deleted : user_pref("CT3289663.search.searchCount", "0");
Line Deleted : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1390098768924");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1390098768423");
Line Deleted : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1390098768369");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1390098766795");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1390098770356");
Line Deleted : user_pref("CT3289663.serviceLayer_services_location_lastUpdate", "1390098766786");
Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.16.2.9_lastUpdate", "1390098770425");
Line Deleted : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1390098768328");
Line Deleted : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1390098766788");
Line Deleted : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1390098765717");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1390098768405");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1390098766697");
Line Deleted : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1390098768391");
Line Deleted : user_pref("CT3289663.settingsINI", true);
Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289663.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Deleted : user_pref("CT3289663.startPage", "true");
Line Deleted : user_pref("CT3289663.toolbarBornServerTime", "19-1-2014");
Line Deleted : user_pref("CT3289663.toolbarCurrentServerTime", "19-1-2014");
Line Deleted : user_pref("CT3289663.toolbarLoginClientTime", "Sat Jan 18 2014 21:32:50 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1390704821542,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN32965411428708271&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN32965411428708271&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN32965411428708271&UM=2&UP=SPDCEE7081-1E2B-483A-ACBB-9B02D012B3C1&SSPV=");
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("iminent.newtabredirect", "false");
Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN32965411428708271&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN32965411428708271&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN32965411428708271&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.machineId", "LQQCLUUI2MNZZ6HV8R5VC2CTIQW5/SVBZPO/RM2LDOJA6I3MNDGIDME0EP8KIR7S94P5KVGNLSBQVCHJDMSCGW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN32965411428708271&UM=2&SearchSource=13");
 
*************************
 
AdwCleaner[R0].txt - [30053 octets] - [23/03/2014 13:33:23]
AdwCleaner[S0].txt - [29354 octets] - [23/03/2014 13:35:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29415 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Joseph on Sun 03/23/2014 at 13:41:59.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\consumer input update
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9DE64E1-2F44-4989-8C5B-CA8C2DD82CAC}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Joseph\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\secretsauce"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at 13:49:53.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Joseph (administrator) on W530 on 23-03-2014 13:54:35
Running from C:\Users\Joseph\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
() C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-09-21] (Authentec Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
HKLM-x32\...\Run: [googletalk] - C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17424048 2012-06-14] (Skype Technologies S.A.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Spotify] - C:\Users\Joseph\AppData\Roaming\Spotify\Spotify.exe [5576408 2012-08-29] (Spotify Ltd)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Spotify Web Helper] - C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-29] ()
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [GoogleChromeAutoLaunch_2DB0707BF60F636CCFF1ED8D4C17586C] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Google Update] - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-13] (Google Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: G - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: {7227c43e-bde3-11e1-afb1-c01885db4abf} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: {74ba5363-a430-11e3-b3ca-c01885db4abf} - G:\MotoCastSetup.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-12] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Media View - {2164913f-439e-454c-9879-c9cd0d403993} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ie\MediaViewV1alpha2995.dll ()
BHO-x32: Media View - {5e99b6a3-928b-47d5-ae2c-418f3d207d75} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ie\MediaViewV1alpha3872.dll ()
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Media Watch - {c5664dd7-df63-4fb2-8ffc-e7a60f8d3a2d} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ie\MediaWatchV1home660.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joseph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joseph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\internethelper31-customized-web-search.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\mycroft-project.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\torrent-project---metasearch.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\youtube.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2012-06-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta983.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha250.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha250\ff
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha2995.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3872.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home660.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\src
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Media Player) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjodgcfknmohcdhklndkalhidkagljig [2014-01-30]
CHR Extension: (Media View) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgkacfddelgjjdlbiegcdjleaildlof [2014-02-28]
CHR Extension: (Media View) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkldjoblhhoflfaobegodelhilnnogmj [2014-03-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-02-05]
CHR Extension: (Media Watch) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmocfakohoefabbhigfclnjmidaoohk [2014-03-22]
CHR HKCU\...\Chrome\Extension: [almhciamckkbjlmapgjalcpciigohefi] - C:\Users\Joseph\AppData\Local\playnowradio\playnowradio\1.3.2.18\playnowradio.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [jkeeapignlnilglplcedjbniakocicba] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ch\VideoPlayerV3beta983.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [loegdibholggdjoefldpbnblblaligim] - C:\Program Files (x86)\Consumer Input\Chrome\cicr-3.1.0-2123.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [mcgkacfddelgjjdlbiegcdjleaildlof] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ch\MediaViewV1alpha2995.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [nkldjoblhhoflfaobegodelhilnnogmj] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ch\MediaViewV1alpha3872.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\Exts\Chrome.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [ppmocfakohoefabbhigfclnjmidaoohk] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ch\MediaWatchV1home660.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4563848 2012-05-29] (RealVNC Ltd)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-30] (Symantec Corporation)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140228.001\IDSvia64.sys [521944 2014-02-05] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140228.008\ENG64.SYS [126040 2014-01-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140228.008\EX64.SYS [2099288 2014-01-30] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-12] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-23 13:54 - 2014-03-23 13:54 - 02157056 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2014-03-23 13:54 - 2014-03-23 13:54 - 00031182 _____ () C:\Users\Joseph\Downloads\FRST.txt
2014-03-23 13:54 - 2014-03-23 13:54 - 00000000 ____D () C:\FRST
2014-03-23 13:52 - 2014-03-23 13:52 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (4).exe
2014-03-23 13:49 - 2014-03-23 13:49 - 00001239 _____ () C:\Users\Joseph\Desktop\JRT.txt
2014-03-23 13:41 - 2014-03-23 13:41 - 01037734 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe
2014-03-23 13:41 - 2014-03-23 13:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 13:33 - 2014-03-23 13:36 - 00000000 ____D () C:\AdwCleaner
2014-03-23 13:31 - 2014-03-23 13:32 - 01950720 _____ () C:\Users\Joseph\Downloads\adwcleaner.exe
2014-03-22 19:11 - 2014-03-22 19:11 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-03-20 18:22 - 2014-03-20 18:22 - 00029851 _____ () C:\Users\Joseph\Desktop\dds.txt
2014-03-20 18:22 - 2014-03-20 18:22 - 00008480 _____ () C:\Users\Joseph\Desktop\attach.txt
2014-03-20 18:16 - 2014-03-20 18:17 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.com
2014-03-06 23:45 - 2014-03-06 23:45 - 02385840 _____ (Flawless Technology) C:\Users\Joseph\Downloads\FlawlessCodec.exe
2014-03-05 02:49 - 2014-03-05 02:49 - 00221480 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (3).exe
2014-03-05 02:43 - 2014-03-05 02:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-01 01:20 - 2014-03-01 01:20 - 00226088 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (2).exe
2014-02-28 00:52 - 2014-03-20 14:39 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-22 22:11 - 2014-02-22 22:11 - 00558888 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (1).exe
2014-02-22 16:03 - 2014-02-22 16:03 - 00319992 _____ () C:\Users\Joseph\Downloads\Setup (6).exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-23 13:54 - 2014-03-23 13:54 - 02157056 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2014-03-23 13:54 - 2014-03-23 13:54 - 00031182 _____ () C:\Users\Joseph\Downloads\FRST.txt
2014-03-23 13:54 - 2014-03-23 13:54 - 00000000 ____D () C:\FRST
2014-03-23 13:52 - 2014-03-23 13:52 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (4).exe
2014-03-23 13:52 - 2012-06-22 02:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 13:49 - 2014-03-23 13:49 - 00001239 _____ () C:\Users\Joseph\Desktop\JRT.txt
2014-03-23 13:46 - 2009-07-14 00:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 13:46 - 2009-07-14 00:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 13:44 - 2009-07-14 01:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 13:42 - 2012-06-22 01:26 - 01632636 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 13:41 - 2014-03-23 13:41 - 01037734 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe
2014-03-23 13:41 - 2014-03-23 13:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 13:40 - 2012-08-29 15:09 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\Spotify
2014-03-23 13:39 - 2014-01-30 00:50 - 00001224 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 13:39 - 2012-06-22 02:52 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\Skype
2014-03-23 13:38 - 2013-12-24 23:49 - 00001956 _____ () C:\Windows\Tasks\FTdownloader V6.0-chromeinstaller.job
2014-03-23 13:38 - 2013-12-24 23:49 - 00001334 _____ () C:\Windows\Tasks\FTdownloader V6.0-updater.job
2014-03-23 13:38 - 2013-06-13 04:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 13:38 - 2012-06-22 03:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-23 13:38 - 2010-11-20 23:47 - 00370702 _____ () C:\Windows\PFRO.log
2014-03-23 13:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 13:38 - 2009-07-14 00:51 - 00066280 _____ () C:\Windows\setupact.log
2014-03-23 13:36 - 2014-03-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-03-23 13:36 - 2012-06-22 01:26 - 00000000 ___RD () C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 13:35 - 2013-06-13 16:37 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000Core.job
2014-03-23 13:32 - 2014-03-23 13:31 - 01950720 _____ () C:\Users\Joseph\Downloads\adwcleaner.exe
2014-03-23 13:32 - 2013-06-13 16:37 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000UA.job
2014-03-23 13:27 - 2013-06-13 04:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 19:11 - 2014-03-22 19:11 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-03-20 18:22 - 2014-03-20 18:22 - 00029851 _____ () C:\Users\Joseph\Desktop\dds.txt
2014-03-20 18:22 - 2014-03-20 18:22 - 00008480 _____ () C:\Users\Joseph\Desktop\attach.txt
2014-03-20 18:17 - 2014-03-20 18:16 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.com
2014-03-20 14:39 - 2014-02-28 00:52 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-12 02:17 - 2013-12-24 23:50 - 00012745 _____ () C:\Users\Joseph\daemonprocess.txt
2014-03-08 22:33 - 2012-06-24 05:56 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\vlc
2014-03-06 23:45 - 2014-03-06 23:45 - 02385840 _____ (Flawless Technology) C:\Users\Joseph\Downloads\FlawlessCodec.exe
2014-03-05 02:49 - 2014-03-05 02:49 - 00221480 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (3).exe
2014-03-05 02:43 - 2014-03-05 02:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-05 02:38 - 2014-01-30 17:45 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-05 02:38 - 2014-01-30 17:44 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-03-03 07:56 - 2013-09-16 21:36 - 00000000 ____D () C:\Users\Joseph\AppData\Local\AirParrot
2014-03-02 22:21 - 2014-01-30 15:16 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-01 01:20 - 2014-03-01 01:20 - 00226088 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (2).exe
2014-02-24 03:24 - 2012-06-22 02:34 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\uTorrent
2014-02-22 23:05 - 2012-07-12 02:20 - 00000000 ____D () C:\Users\Joseph\completed
2014-02-22 22:11 - 2014-02-22 22:11 - 00558888 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (1).exe
2014-02-22 16:03 - 2014-02-22 16:03 - 00319992 _____ () C:\Users\Joseph\Downloads\Setup (6).exe
 
Some content of TEMP:
====================
C:\Users\Joseph\AppData\Local\Temp\2788.exe
C:\Users\Joseph\AppData\Local\Temp\air5C06.exe
C:\Users\Joseph\AppData\Local\Temp\air825B.exe
C:\Users\Joseph\AppData\Local\Temp\air8E1A.exe
C:\Users\Joseph\AppData\Local\Temp\air8F35.exe
C:\Users\Joseph\AppData\Local\Temp\airAA46.exe
C:\Users\Joseph\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joseph\AppData\Local\Temp\ci-2.7.1-53firefox.exe
C:\Users\Joseph\AppData\Local\Temp\cicr-3.1.0-84.exe
C:\Users\Joseph\AppData\Local\Temp\ConsumerInputSetup-2.7.1-7927IE.exe
C:\Users\Joseph\AppData\Local\Temp\nsh4DE7.exe
C:\Users\Joseph\AppData\Local\Temp\nsmC535.exe
C:\Users\Joseph\AppData\Local\Temp\nsr4636.exe
C:\Users\Joseph\AppData\Local\Temp\nsrEA35.exe
C:\Users\Joseph\AppData\Local\Temp\nsw1B14.exe
C:\Users\Joseph\AppData\Local\Temp\nsw9B3.exe
C:\Users\Joseph\AppData\Local\Temp\oi_{661C99E6-0E40-4839-ABC3-F41921122AD9}.exe
C:\Users\Joseph\AppData\Local\Temp\ose00000.exe
C:\Users\Joseph\AppData\Local\Temp\Quarantine.exe
C:\Users\Joseph\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Joseph\AppData\Local\Temp\set-app.exe
C:\Users\Joseph\AppData\Local\Temp\setapp.exe
C:\Users\Joseph\AppData\Local\Temp\setup.exe
C:\Users\Joseph\AppData\Local\Temp\Setup1.exe
C:\Users\Joseph\AppData\Local\Temp\Setup2.exe
C:\Users\Joseph\AppData\Local\Temp\setupA9_.exe
C:\Users\Joseph\AppData\Local\Temp\setup__4416.exe
C:\Users\Joseph\AppData\Local\Temp\SPStub.exe
C:\Users\Joseph\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Joseph\AppData\Local\Temp\uttD020.tmp.exe
C:\Users\Joseph\AppData\Local\Temp\wget.exe
C:\Users\Joseph\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 19:02
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Joseph at 2014-03-23 13:54:56
Running from C:\Users\Joseph\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton AntiVirus (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
AirParrot (HKLM\...\{EA512214-BA00-4B17-801B-5884A066844C}) (Version: 1.1.6 - Squirrels)
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ColorMunki Photo 1.1.1 (HKLM-x32\...\ColorMunki Photo_is1) (Version:  - X-Rite)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)
Consumer Input Chrome Extension (remove only) (HKCU\...\Consumer Input Chrome Extension) (Version: 3.1.0.84 - Compete Inc.)
Consumer Input Firefox Extension (remove only) (HKCU\...\Consumer Input Firefox Extension) (Version: 2.7.1.53 - Compete Inc.)
Consumer Input Software (remove only) (HKCU\...\Consumer Input Software) (Version: 2.7.1.7927 - Compete Inc.)
DDC Driver 1.5 (HKLM-x32\...\DDC Driver_is1) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FTdownloader V6.0 (HKLM-x32\...\FTdownloader V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version: 3.0.31.0 - GigaClicks Inc.) <==== ATTENTION
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 27.0.1453.110 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{51268A7D-4E1A-371A-9849-496D48930952}) (Version: 4.0.1.13525 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2725 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
K-Lite Codec Pack 8.9.2 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.2 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Media Player (HKLM-x32\...\MediaPlayerV1alpha250) (Version: 1.1 - Media Player)
Media View (HKLM-x32\...\MediaViewV1alpha2995) (Version: 1.1 - Media View)
Media View (HKLM-x32\...\MediaViewV1alpha3872) (Version: 1.1 - Media View)
Media Watch (HKLM-x32\...\MediaWatchV1home660) (Version: 1.1 - Media Watch)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 20.4.0.40 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.1.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.3 - )
NVIDIA 3D Vision Driver 296.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.80 - NVIDIA Corporation)
NVIDIA Control Panel 296.80 (Version: 296.80 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.80 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9680 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.71.03 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Play Now Radio (HKCU\...\playnowradio) (Version:  - playnowradio) <==== ATTENTION
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SDK (x32 Version: 1.40.002 - Portrait Displays, Inc.) Hidden
SecretSauce (HKLM\...\SecretSauce) (Version: 2013.12.07.011955 - SecretSauce) <==== ATTENTION
Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.114 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage Fingerprint Software (HKLM\...\{479016BF-5B8D-445F-BE15-A187F25D81C8}) (Version: 5.9.6.7084 - Authentec Inc.)
UninstallDeviceDll 1.1 (HKLM-x32\...\UninstallDeviceDll_is1) (Version:  - X-Rite)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.8.0 (HKLM\...\VNCPrinter_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Server 5.0.0 (HKLM\...\RealVNC_is1) (Version: 5.0.0 - RealVNC Ltd)
VNC Viewer 5.0.0 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.0 - RealVNC Ltd)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
X-Rite Device ColorMunki Service (HKLM-x32\...\{EAEFA1B2-64E3-4B8E-942F-F57A73BC1CAE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
 
==================== Restore Points  =========================
 
28-01-2014 06:19:49 Removed Bonjour
30-01-2014 19:02:24 Removed AVG 2014
30-01-2014 19:05:10 Removed AVG 2014
30-01-2014 19:13:30 Installed AVG 2013
30-01-2014 19:13:56 Installed AVG 2013
30-01-2014 21:33:49 Removed AVG 2013
30-01-2014 21:35:10 Removed AVG 2013
23-02-2014 03:22:29 Scheduled Checkpoint
20-03-2014 19:16:36 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2012-06-22 04:39 - 00001728 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com
127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01114C2E-A950-4CD7-8EAA-C610DE2B42B0} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {0484B080-68AA-45D6-B4FF-B2BF109F94B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000Core => C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {1111C937-F338-456D-8EE5-1D423D1A4585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {186F5D1D-AAD7-449C-9843-5D059F210BEF} - \AmiUpdXp No Task File
Task: {2E6C61F3-333D-4B67-AE6C-58433299C435} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {322637DF-6E4F-4E37-A331-97B84B7CFE71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {32494785-C883-4954-A6FA-BDC34C11FF73} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {34AFABAD-9F9E-4D25-87F8-3549D7809079} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-16] (Lenovo Group Limited)
Task: {4E03DD05-4669-45BD-AB19-D9971517FE93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000UA => C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {718E5E9B-B330-4F6D-BD1D-238B3602E085} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {83AA82F5-402C-409D-8115-D2A379820B2B} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {962E0D84-FEE3-4F9D-A8BF-7262354A8F91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22] (Adobe Systems Incorporated)
Task: {A536D9B4-FD4D-4B02-A2CC-EF91737058D9} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {BA0235D0-22D0-4470-A331-5667147F3A2A} - System32\Tasks\FTdownloader V6.0-chromeinstaller => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-chromeinstaller.exe [2013-12-24] (installdaddy) <==== ATTENTION
Task: {BC642D92-214D-446C-9BCB-1E7A19EA3511} - System32\Tasks\AdobeAAMUpdater-1.0-W530-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {BD8D3AEF-E97C-4320-A3C1-F4A34E554761} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {CB0E0250-9E62-44BF-9835-875AA23F87AE} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D085DC77-2422-4091-9DF8-C0A8407486D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {D1CE65A2-D4B5-438F-B2A4-8EC1A6BCCBAB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D2118FA6-E4FB-407D-A0F5-B92A46A8FA6D} - System32\Tasks\Play Now Radio => C:\Users\Joseph\AppData\Local\playnowradio\playnowradio\1.3.2.18\playnowradio.exe <==== ATTENTION
Task: {E7E2E836-BDDF-4C3D-B6A2-57014316BE5F} - System32\Tasks\FTdownloader V6.0-updater => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-updater.exe [2013-12-24] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FTdownloader V6.0-chromeinstaller.job => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V6.0-updater.job => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000Core.job => C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000UA.job => C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-20 01:09 - 2012-03-20 01:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-29 15:09 - 2012-08-29 15:09 - 01193176 _____ () C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2012-06-22 05:02 - 2009-10-23 12:26 - 01921024 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
2012-06-22 03:48 - 2012-05-16 09:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2012-06-22 05:02 - 2008-09-03 19:12 - 02592768 _____ () C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\colormunki.dll
2014-01-30 17:45 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.1.0.32\wincfi39.dll
2012-06-22 05:02 - 2009-10-22 17:33 - 07053312 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtGui4.dll
2012-06-22 05:02 - 2009-10-22 17:33 - 01970176 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\QtCore4.dll
2012-06-22 05:02 - 2009-10-22 17:29 - 00131072 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qjpeg4.dll
2012-06-22 05:02 - 2009-10-22 17:29 - 00278528 _____ () C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\imageformats\qtiff4.dll
2012-06-22 03:30 - 2012-02-21 15:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-06-13 04:15 - 2013-05-29 01:26 - 00599504 _____ () C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
2013-06-13 04:15 - 2013-05-29 01:26 - 00124368 _____ () C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
2013-06-13 04:15 - 2013-05-29 01:27 - 04051408 _____ () C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
2013-06-13 04:15 - 2013-05-29 01:27 - 00393168 _____ () C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
2013-06-13 04:15 - 2013-05-29 01:26 - 01597392 _____ () C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
2013-06-13 16:25 - 2013-06-13 16:25 - 13140872 _____ () C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-23 13:40:49.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 01:40:03.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 17:05:42.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 17:05:42.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 17:05:34.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 17:05:32.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-05 02:12:15.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-30 16:41:56.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-30 14:10:02.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-28 01:14:22.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 15977.11 MB
Available physical RAM: 13005.57 MB
Total Pagefile: 31952.39 MB
Available Pagefile: 28687.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.62 GB) (Free:202.23 GB) NTFS
Drive d: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:1.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9D0A3B7B)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
There are still suspicious pop ups, hypertext links and new tabs opening automatically.
 
Thank you for your help.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:29 AM

Posted 23 March 2014 - 02:03 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

FTdownloader V6.0
GigaClicks Crawler
Consumer Input
Consumer Input
Media Player
Media View
Media Watch
Play Now Radio
SecretSauce

Additional instructions can be found here if needed.

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   6.57KB   2 downloads

 

 

Things to include in your next reply:

Fixlog.txt

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 stresskill


Posted 23 March 2014 - 03:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Joseph at 2014-03-23 16:04:08 Run:1
Running from C:\Users\Joseph\Desktop\FRST fixlist
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO-x32: Media View - {2164913f-439e-454c-9879-c9cd0d403993} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ie\MediaViewV1alpha2995.dll ()
BHO-x32: Media View - {5e99b6a3-928b-47d5-ae2c-418f3d207d75} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ie\MediaViewV1alpha3872.dll ()
C:\Program Files (x86)\MediaViewV1
BHO-x32: Media Watch - {c5664dd7-df63-4fb2-8ffc-e7a60f8d3a2d} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ie\MediaWatchV1home660.dll ()
C:\Program Files (x86)\MediaWatchV1
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\torrent-project---metasearch.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\the-pirate-bay.xml
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha2995.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3872.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff [2014-03-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home660.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ff
FF Extension: Media Watch - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ff [2014-03-22]
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\src
CHR Extension: (Media Player) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjodgcfknmohcdhklndkalhidkagljig [2014-01-30]
CHR Extension: (Media View) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgkacfddelgjjdlbiegcdjleaildlof [2014-02-28]
CHR Extension: (Media View) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkldjoblhhoflfaobegodelhilnnogmj [2014-03-23]
CHR Extension: (Media Watch) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmocfakohoefabbhigfclnjmidaoohk [2014-03-22]
CHR HKCU\...\Chrome\Extension: [almhciamckkbjlmapgjalcpciigohefi] - C:\Users\Joseph\AppData\Local\playnowradio\playnowradio\1.3.2.18\playnowradio.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [dbpebffoameokfhnaaedmefjncfboino] - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [jkeeapignlnilglplcedjbniakocicba] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ch\VideoPlayerV3beta983.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [loegdibholggdjoefldpbnblblaligim] - C:\Program Files (x86)\Consumer Input\Chrome\cicr-3.1.0-2123.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [mcgkacfddelgjjdlbiegcdjleaildlof] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ch\MediaViewV1alpha2995.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [nkldjoblhhoflfaobegodelhilnnogmj] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ch\MediaViewV1alpha3872.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\Exts\Chrome.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [ppmocfakohoefabbhigfclnjmidaoohk] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ch\MediaWatchV1home660.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ext@VideoPlayerV3beta983.net
S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X]
C:\Users\Joseph\AppData\Local\Temp\2788.exe
C:\Users\Joseph\AppData\Local\Temp\air5C06.exe
C:\Users\Joseph\AppData\Local\Temp\air825B.exe
C:\Users\Joseph\AppData\Local\Temp\air8E1A.exe
C:\Users\Joseph\AppData\Local\Temp\air8F35.exe
C:\Users\Joseph\AppData\Local\Temp\airAA46.exe
C:\Users\Joseph\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joseph\AppData\Local\Temp\ci-2.7.1-53firefox.exe
C:\Users\Joseph\AppData\Local\Temp\cicr-3.1.0-84.exe
C:\Users\Joseph\AppData\Local\Temp\ConsumerInputSetup-2.7.1-7927IE.exe
C:\Users\Joseph\AppData\Local\Temp\nsh4DE7.exe
C:\Users\Joseph\AppData\Local\Temp\nsmC535.exe
C:\Users\Joseph\AppData\Local\Temp\nsr4636.exe
C:\Users\Joseph\AppData\Local\Temp\nsrEA35.exe
C:\Users\Joseph\AppData\Local\Temp\nsw1B14.exe
C:\Users\Joseph\AppData\Local\Temp\nsw9B3.exe
C:\Users\Joseph\AppData\Local\Temp\oi_{661C99E6-0E40-4839-ABC3-F41921122AD9}.exe
C:\Users\Joseph\AppData\Local\Temp\ose00000.exe
C:\Users\Joseph\AppData\Local\Temp\Quarantine.exe
C:\Users\Joseph\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Joseph\AppData\Local\Temp\set-app.exe
C:\Users\Joseph\AppData\Local\Temp\setapp.exe
C:\Users\Joseph\AppData\Local\Temp\setup.exe
C:\Users\Joseph\AppData\Local\Temp\Setup1.exe
C:\Users\Joseph\AppData\Local\Temp\Setup2.exe
C:\Users\Joseph\AppData\Local\Temp\setupA9_.exe
C:\Users\Joseph\AppData\Local\Temp\setup__4416.exe
C:\Users\Joseph\AppData\Local\Temp\SPStub.exe
C:\Users\Joseph\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Joseph\AppData\Local\Temp\uttD020.tmp.exe
C:\Users\Joseph\AppData\Local\Temp\wget.exe
C:\Users\Joseph\AppData\Local\Temp\xmlUpdater.exe
Task: {186F5D1D-AAD7-449C-9843-5D059F210BEF} - \AmiUpdXp No Task File
Task: {32494785-C883-4954-A6FA-BDC34C11FF73} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {BA0235D0-22D0-4470-A331-5667147F3A2A} - System32\Tasks\FTdownloader V6.0-chromeinstaller => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-chromeinstaller.exe [2013-12-24] (installdaddy) <==== ATTENTION
Task: {BD8D3AEF-E97C-4320-A3C1-F4A34E554761} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D2118FA6-E4FB-407D-A0F5-B92A46A8FA6D} - System32\Tasks\Play Now Radio => C:\Users\Joseph\AppData\Local\playnowradio\playnowradio\1.3.2.18\playnowradio.exe <==== ATTENTION
Task: {E7E2E836-BDDF-4C3D-B6A2-57014316BE5F} - System32\Tasks\FTdownloader V6.0-updater => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-updater.exe [2013-12-24] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V6.0-chromeinstaller.job => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\FTdownloader V6.0-updater.job => C:\Program Files (x86)\FTdownloader V6.0\FTdownloader V6.0-updater.exe <==== ATTENTION
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2164913f-439e-454c-9879-c9cd0d403993} => Key not found.
HKCR\Wow6432Node\CLSID\{2164913f-439e-454c-9879-c9cd0d403993} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e99b6a3-928b-47d5-ae2c-418f3d207d75} => Key not found.
HKCR\Wow6432Node\CLSID\{5e99b6a3-928b-47d5-ae2c-418f3d207d75} => Key not found.
C:\Program Files (x86)\MediaViewV1 => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5664dd7-df63-4fb2-8ffc-e7a60f8d3a2d} => Key not found.
HKCR\Wow6432Node\CLSID\{c5664dd7-df63-4fb2-8ffc-e7a60f8d3a2d} => Key not found.
C:\Program Files (x86)\MediaWatchV1 => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\torrent-project---metasearch.xml => Moved successfully.
C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\the-pirate-bay.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha2995.net => Value not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ff not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha3872.net => Value not found.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ff not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaWatchV1home660.net => Value not found.
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ff not found.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => Value deleted successfully.
C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjodgcfknmohcdhklndkalhidkagljig => Moved successfully.
C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcgkacfddelgjjdlbiegcdjleaildlof directory not found.
C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkldjoblhhoflfaobegodelhilnnogmj directory not found.
C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmocfakohoefabbhigfclnjmidaoohk directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\almhciamckkbjlmapgjalcpciigohefi => Key deleted successfully.
"C:\Users\Joseph\AppData\Local\playnowradio\playnowradio\1.3.2.18\playnowradio.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino => Key deleted successfully.
"C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jkeeapignlnilglplcedjbniakocicba => Key deleted successfully.
"C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ch\VideoPlayerV3beta983.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\loegdibholggdjoefldpbnblblaligim => Key deleted successfully.
"C:\Program Files (x86)\Consumer Input\Chrome\cicr-3.1.0-2123.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mcgkacfddelgjjdlbiegcdjleaildlof => Key not found.
"C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2995\ch\MediaViewV1alpha2995.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkldjoblhhoflfaobegodelhilnnogmj => Key not found.
"C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3872\ch\MediaViewV1alpha3872.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob => Key deleted successfully.
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\Exts\Chrome.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ppmocfakohoefabbhigfclnjmidaoohk => Key not found.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home660\ch\MediaWatchV1home660.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
WinkHandler => Service deleted successfully.
C:\Users\Joseph\AppData\Local\Temp\2788.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\air5C06.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\air825B.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\air8E1A.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\air8F35.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\airAA46.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\ci-2.7.1-53firefox.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\cicr-3.1.0-84.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\ConsumerInputSetup-2.7.1-7927IE.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsh4DE7.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsmC535.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsr4636.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsrEA35.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsw1B14.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\nsw9B3.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\oi_{661C99E6-0E40-4839-ABC3-F41921122AD9}.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\SecondStepInstaller.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\set-app.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\setapp.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\Setup1.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\Setup2.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\setupA9_.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\setup__4416.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\ToolbarHelper.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\uttD020.tmp.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\wget.exe => Moved successfully.
C:\Users\Joseph\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{186F5D1D-AAD7-449C-9843-5D059F210BEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{186F5D1D-AAD7-449C-9843-5D059F210BEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32494785-C883-4954-A6FA-BDC34C11FF73} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA0235D0-22D0-4470-A331-5667147F3A2A} => Key not found.
C:\Windows\System32\Tasks\FTdownloader V6.0-chromeinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V6.0-chromeinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD8D3AEF-E97C-4320-A3C1-F4A34E554761} => Key not found.
C:\Windows\System32\Tasks\GC_Informer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2118FA6-E4FB-407D-A0F5-B92A46A8FA6D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2118FA6-E4FB-407D-A0F5-B92A46A8FA6D} => Key deleted successfully.
C:\Windows\System32\Tasks\Play Now Radio => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Play Now Radio => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7E2E836-BDDF-4C3D-B6A2-57014316BE5F} => Key not found.
C:\Windows\System32\Tasks\FTdownloader V6.0-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V6.0-updater => Key not found.
C:\Windows\Tasks\FTdownloader V6.0-chromeinstaller.job not found.
C:\Windows\Tasks\FTdownloader V6.0-updater.job not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
My machine seems to be running smoothly now, although I received a system error message stating "APAgent.exe could not start because DNSSD.dll is missing."
 
Thank you again for all the help.


#6 fireman4it


Posted 23 March 2014 - 04:03 PM

1.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


 

 

 

2.

Can you please run FRST as you did the first time you ran it and post the log.


#7 stresskill


Posted 23 March 2014 - 04:57 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.03.23.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Joseph :: W530 [administrator]
 
3/23/2014 5:30:20 PM
mbar-log-2014-03-23 (17-30-20).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 268359
Time elapsed: 10 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16750
 
Java version: 1.6.0_33
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 16753209344, free: 13389398016
 
Downloaded database version: v2014.03.23.09
Downloaded database version: v2014.03.18.01
=======================================
Initializing...
------------ Kernel report ------------
     03/23/2014 17:30:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\DRIVERS\DzHDD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NAVx64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys
\SystemRoot\system32\drivers\NAVx64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140228.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\vncmirror.sys
\SystemRoot\system32\drivers\EMP_UDAU.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\PdiPorts.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\??\C:\Windows\system32\drivers\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\clbcatq.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800dd9a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800d7fa680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800dd9a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800dca8a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa800dd9a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800dd9a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d7fa680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9D0A3B7B
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Joseph (administrator) on W530 on 23-03-2014 17:57:22
Running from C:\Users\Joseph\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-09-21] (Authentec Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
HKLM-x32\...\Run: [googletalk] - C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17424048 2012-06-14] (Skype Technologies S.A.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Joseph\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [GoogleChromeAutoLaunch_2DB0707BF60F636CCFF1ED8D4C17586C] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808 2013-05-29] (Google Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\Run: [Google Update] - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-13] (Google Inc.)
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: G - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: {7227c43e-bde3-11e1-afb1-c01885db4abf} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-805887784-1339501885-3453410536-1000\...\MountPoints2: {74ba5363-a430-11e3-b3ca-c01885db4abf} - G:\MotoCastSetup.exe -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-12] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joseph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joseph\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\internethelper31-customized-web-search.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\mycroft-project.xml
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\vg5hx8sh.default\searchplugins\youtube.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2012-06-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-22]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta983.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha250.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha250\ff
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2014-02-05]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4563848 2012-05-29] (RealVNC Ltd)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation)
S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-30] (Symantec Corporation)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140228.001\IDSvia64.sys [521944 2014-02-05] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140228.008\ENG64.SYS [126040 2014-01-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140228.008\EX64.SYS [2099288 2014-01-30] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-05-12] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-02-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-23 17:30 - 2014-03-23 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 17:30 - 2014-03-23 17:30 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 17:29 - 2014-03-23 17:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 17:28 - 2014-03-23 17:54 - 00000000 ____D () C:\Users\Joseph\Desktop\mbar
2014-03-23 17:28 - 2014-03-23 17:28 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Joseph\Downloads\mbar-1.07.0.1009.exe
2014-03-23 16:01 - 2014-03-23 17:57 - 00000000 ____D () C:\Users\Joseph\Desktop\FRST fixlist
2014-03-23 16:00 - 2014-03-23 17:57 - 00026761 _____ () C:\Users\Joseph\Desktop\FRST.txt
2014-03-23 15:58 - 2014-03-23 15:58 - 00006727 _____ () C:\Users\Joseph\Downloads\fixlist.txt
2014-03-23 15:57 - 2014-03-23 15:57 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (5).exe
2014-03-23 13:54 - 2014-03-23 17:57 - 00000000 ____D () C:\FRST
2014-03-23 13:54 - 2014-03-23 13:55 - 00040584 _____ () C:\Users\Joseph\Downloads\FRST.txt
2014-03-23 13:54 - 2014-03-23 13:55 - 00033083 _____ () C:\Users\Joseph\Downloads\Addition.txt
2014-03-23 13:54 - 2014-03-23 13:54 - 02157056 _____ (Farbar) C:\Users\Joseph\Desktop\FRST64.exe
2014-03-23 13:52 - 2014-03-23 13:52 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (4).exe
2014-03-23 13:49 - 2014-03-23 13:49 - 00001239 _____ () C:\Users\Joseph\Desktop\JRT.txt
2014-03-23 13:41 - 2014-03-23 13:41 - 01037734 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe
2014-03-23 13:41 - 2014-03-23 13:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 13:33 - 2014-03-23 13:36 - 00000000 ____D () C:\AdwCleaner
2014-03-23 13:31 - 2014-03-23 13:32 - 01950720 _____ () C:\Users\Joseph\Downloads\adwcleaner.exe
2014-03-20 18:22 - 2014-03-20 18:22 - 00029851 _____ () C:\Users\Joseph\Desktop\dds.txt
2014-03-20 18:22 - 2014-03-20 18:22 - 00008480 _____ () C:\Users\Joseph\Desktop\attach.txt
2014-03-20 18:16 - 2014-03-20 18:17 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.com
2014-03-06 23:45 - 2014-03-06 23:45 - 02385840 _____ (Flawless Technology) C:\Users\Joseph\Downloads\FlawlessCodec.exe
2014-03-05 02:49 - 2014-03-05 02:49 - 00221480 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (3).exe
2014-03-05 02:43 - 2014-03-05 02:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-01 01:20 - 2014-03-01 01:20 - 00226088 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (2).exe
2014-02-22 22:11 - 2014-02-22 22:11 - 00558888 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (1).exe
2014-02-22 16:03 - 2014-02-22 16:03 - 00319992 _____ () C:\Users\Joseph\Downloads\Setup (6).exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-23 17:57 - 2014-03-23 16:01 - 00000000 ____D () C:\Users\Joseph\Desktop\FRST fixlist
2014-03-23 17:57 - 2014-03-23 16:00 - 00026761 _____ () C:\Users\Joseph\Desktop\FRST.txt
2014-03-23 17:57 - 2014-03-23 13:54 - 00000000 ____D () C:\FRST
2014-03-23 17:54 - 2014-03-23 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 17:54 - 2014-03-23 17:28 - 00000000 ____D () C:\Users\Joseph\Desktop\mbar
2014-03-23 17:52 - 2012-06-22 02:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 17:32 - 2013-06-13 16:37 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000UA.job
2014-03-23 17:30 - 2014-03-23 17:30 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 17:30 - 2014-03-23 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 17:29 - 2014-03-23 17:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 17:28 - 2014-03-23 17:28 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Joseph\Downloads\mbar-1.07.0.1009.exe
2014-03-23 17:12 - 2013-06-13 04:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 17:08 - 2012-06-22 01:26 - 01691211 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 16:24 - 2009-07-14 01:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 16:24 - 2009-07-14 00:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 16:24 - 2009-07-14 00:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 16:17 - 2013-06-13 04:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 16:16 - 2012-06-22 03:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-23 16:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 16:16 - 2009-07-14 00:51 - 00066392 _____ () C:\Windows\setupact.log
2014-03-23 16:06 - 2014-01-30 00:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 16:05 - 2010-11-20 23:47 - 00374560 _____ () C:\Windows\PFRO.log
2014-03-23 16:04 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-23 15:58 - 2014-03-23 15:58 - 00006727 _____ () C:\Users\Joseph\Downloads\fixlist.txt
2014-03-23 15:57 - 2014-03-23 15:57 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (5).exe
2014-03-23 15:36 - 2012-06-22 02:52 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\Skype
2014-03-23 13:55 - 2014-03-23 13:54 - 00040584 _____ () C:\Users\Joseph\Downloads\FRST.txt
2014-03-23 13:55 - 2014-03-23 13:54 - 00033083 _____ () C:\Users\Joseph\Downloads\Addition.txt
2014-03-23 13:54 - 2014-03-23 13:54 - 02157056 _____ (Farbar) C:\Users\Joseph\Desktop\FRST64.exe
2014-03-23 13:52 - 2014-03-23 13:52 - 00222496 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (4).exe
2014-03-23 13:49 - 2014-03-23 13:49 - 00001239 _____ () C:\Users\Joseph\Desktop\JRT.txt
2014-03-23 13:41 - 2014-03-23 13:41 - 01037734 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe
2014-03-23 13:41 - 2014-03-23 13:41 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 13:36 - 2014-03-23 13:33 - 00000000 ____D () C:\AdwCleaner
2014-03-23 13:36 - 2012-06-22 01:26 - 00000000 ___RD () C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 13:35 - 2013-06-13 16:37 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805887784-1339501885-3453410536-1000Core.job
2014-03-23 13:32 - 2014-03-23 13:31 - 01950720 _____ () C:\Users\Joseph\Downloads\adwcleaner.exe
2014-03-20 18:22 - 2014-03-20 18:22 - 00029851 _____ () C:\Users\Joseph\Desktop\dds.txt
2014-03-20 18:22 - 2014-03-20 18:22 - 00008480 _____ () C:\Users\Joseph\Desktop\attach.txt
2014-03-20 18:17 - 2014-03-20 18:16 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.com
2014-03-12 02:17 - 2013-12-24 23:50 - 00012745 _____ () C:\Users\Joseph\daemonprocess.txt
2014-03-08 22:33 - 2012-06-24 05:56 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\vlc
2014-03-06 23:45 - 2014-03-06 23:45 - 02385840 _____ (Flawless Technology) C:\Users\Joseph\Downloads\FlawlessCodec.exe
2014-03-05 02:49 - 2014-03-05 02:49 - 00221480 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (3).exe
2014-03-05 02:43 - 2014-03-05 02:43 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-05 02:38 - 2014-01-30 17:45 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-05 02:38 - 2014-01-30 17:44 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-03-03 07:56 - 2013-09-16 21:36 - 00000000 ____D () C:\Users\Joseph\AppData\Local\AirParrot
2014-03-02 22:21 - 2014-01-30 15:16 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-01 01:20 - 2014-03-01 01:20 - 00226088 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (2).exe
2014-02-24 03:24 - 2012-06-22 02:34 - 00000000 ____D () C:\Users\Joseph\AppData\Roaming\uTorrent
2014-02-22 23:05 - 2012-07-12 02:20 - 00000000 ____D () C:\Users\Joseph\completed
2014-02-22 22:11 - 2014-02-22 22:11 - 00558888 _____ (Fusion Install ) C:\Users\Joseph\Downloads\Player-Chrome (1).exe
2014-02-22 16:03 - 2014-02-22 16:03 - 00319992 _____ () C:\Users\Joseph\Downloads\Setup (6).exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 19:02
 
==================== End Of Log ============================
 
 
thank you again.


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:29 AM

Posted 24 March 2014 - 05:33 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (432 bytes)

 

 

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 stresskill


Posted 24 March 2014 - 06:13 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Joseph at 2014-03-24 19:11:59 Run:2
Running from C:\Users\Joseph\Desktop\FRST fixlist
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta983.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta983\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha250.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha250\ff
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
*****************
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta983.net => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha250.net => Value deleted successfully.
vToolbarUpdater18.0.0 => Service deleted successfully.
VGPU => Service deleted successfully.
 
==== End of Fixlog ====
 
seems to be running fine.
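Added example, not part of the original posts and not FRST's own code: the two service and driver lines in the fixlist above are the ones the FRST log ends with `[X]`, the marker FRST uses when it cannot find the file an entry points to. This Python script parses the Services and Drivers sections and flags such orphaned entries; the sample lines are copied from the log in this thread, and the `triage` labels and the reading of the `R`/`S` letter and the digit as run state and start type are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a subset of the Services/Drivers lines from the FRST log
# in this thread, kept verbatim so the parser sees the real formatting.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4563848 2012-05-29] (RealVNC Ltd)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
"""

# Assumption of this example: the leading letter is the run state and the
# digit is the Windows service start type.
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:(?P<missing>X)|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<company>.*)\))?\s*$"
)


class Entry(NamedTuple):
    section: str         # "Services" or "Drivers"
    state: str           # running / stopped / undetermined
    start_type: str      # boot / system / auto / demand / disabled
    name: str            # service or driver name as registered
    path: str            # image path as printed by FRST
    missing: bool        # True when the line ends with [X]
    size: Optional[int]  # file size in bytes, None when the file is missing
    company: str         # company name from the file, "" when absent


def parse_entries(log_text: str) -> List[Entry]:
    """Return every service/driver line found under the two FRST sections."""
    entries: List[Entry] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group(1).split()[0]
            continue
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line or a format this example does not cover
        entries.append(Entry(
            section=section,
            state=STATES[m.group("state")],
            start_type=START_TYPES[int(m.group("start"))],
            name=m.group("name").strip(),
            path=m.group("path"),
            missing=m.group("missing") is not None,
            size=int(m.group("size")) if m.group("size") else None,
            company=(m.group("company") or "").strip(),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Label entries worth a human look; labels are hints, not verdicts."""
    findings = []
    for e in entries:
        kind = e.section[:-1].lower()  # "service" or "driver"
        if e.missing:
            findings.append((e.name, "orphaned",
                             f"{kind} ({e.start_type} start) points to a file "
                             f"FRST could not find: {e.path}"))
        elif not e.company:
            findings.append((e.name, "review",
                             f"{kind} file carries no company name: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, label, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{label}] {name}: {detail}")
```

An `orphaned` result only says the registration outlived its file; whether to remove it remains the helper's decision, as it was in this thread.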


#10 fireman4it


Posted 24 March 2014 - 07:18 PM

Hello, stresskill.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.


    One of the most common questions found when cleaning malware is "how did my machine get infected?"

    There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right click and choose Close.
    • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
    • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.
    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.
    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here
    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:

    Use an AntiVirus Software
    It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.



#11 stresskill


Posted 24 March 2014 - 07:56 PM

awesome. thank you!

 

system error message stating "APAgent.exe could not start because DNSSD.dll is missing." what do i do?



#12 fireman4it


Posted 24 March 2014 - 08:56 PM

Have a look here:

https://discussions.apple.com/message/10993628#10993628


Edited by fireman4it, 24 March 2014 - 08:58 PM.



#13 fireman4it


Posted 27 March 2014 - 12:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





