
astromenda redirect


  • This topic is locked
31 replies to this topic

#1 85strat

85strat

  • Members
  • 50 posts

Posted 15 October 2014 - 07:46 PM

As is the case with many others, I have picked up Astromenda somewhere and can't get rid of it. I went through a recent malware/adware infection with a similar redirect and was asked to download numerous tools and fixit's. I may be wrong, but I believe this is where I picked up the Astromenda.

 

Please assist me with a resolution.

 

85Strat




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 October 2014 - 08:17 PM

Hello 85strat,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 85strat

85strat
  • Topic Starter

  • Members
  • 50 posts

Posted 15 October 2014 - 08:41 PM

# AdwCleaner v4.000 - Report created 15/10/2014 at 21:31:52
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jfre - JFRE-PC
# Running from : C:\Users\Jfre\Downloads\FSRT\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17088
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [1192 octets] - [10/10/2014 19:09:51]
AdwCleaner[R1].txt - [868 octets] - [15/10/2014 21:29:23]
AdwCleaner[S0].txt - [1399 octets] - [10/10/2014 19:11:54]
AdwCleaner[S1].txt - [783 octets] - [15/10/2014 21:31:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [842 octets] ##########


#4 85strat

85strat
  • Topic Starter

  • Members
  • 50 posts

Posted 15 October 2014 - 08:48 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Jfre at 2014-10-15 21:45:25
Running from C:\Users\Jfre\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Ares 2.2.8 (HKLM-x32\...\Ares) (Version: 2.2.8-Build#3052 - Seekar Ltd)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{6CADC615-64C7-7366-A49A-342E8B7D3C9B}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0719.1349.22889 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help English (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help French (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help German (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
ccc-utility64 (Version: 2010.0719.1349.22889 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ConvertXtoDVD 3.3.4.106e (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.3.4.106e - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LG United Mobile Drivers (HKLM-x32\...\{B03954CC-E130-4E57-BC83-869978685902}) (Version: 3.3.0.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6184 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sid Meier's Alpha Centauri (HKLM-x32\...\Sid Meier's Alpha Centauri) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
UMPlayer 0.98 [Athlon] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
VSO Media Player 1.2.2.450 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.2.2.450 - VSO Software)
Waterfall Chart Creator (HKLM-x32\...\Waterfall Chart Creator) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WordPerfect Office X7 (x32 Version: 17.0 - Corel Corporation) Hidden
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-10-2014 06:26:12 Scheduled Checkpoint
14-10-2014 08:40:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-05-19 00:32 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00E2C8F4-D848-4ABA-9736-B7588A7A996E} - System32\Tasks\{9FCA22FF-F41B-4223-802C-515AB1AF215B} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {0320B13E-B55A-4CF6-9735-57FE5B89D424} - System32\Tasks\{D0676FB9-E2FC-4321-A435-9D38097B387A} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {0365392B-5BC1-4D7D-9329-833A90D60881} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {0792D84C-E2CD-4EE3-9B5F-D15AD6784901} - System32\Tasks\{6B3DB292-BFCA-4D9D-A093-2EFCCD566A7C} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {135F7125-D0BC-49AF-A3AD-08D2AE82C6F8} - System32\Tasks\{B1A4D349-A7AD-41FF-9D71-4EDCE4A682F3} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {1D61FFE2-02B7-41CC-B419-58D3973460AA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2305B5DE-3FDD-4FE0-8D01-9FF0E7CD7F89} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {32C5F91C-071C-433D-80E9-564C3B6FAC2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)
Task: {4A7B4540-25D7-4086-B9FD-4118C2D4A4B9} - System32\Tasks\{7E4AE0B7-8FA6-4CF5-B40B-2F7A32159E3F} => C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE [2010-10-22] (Microsoft Corporation)
Task: {6692A44B-9026-4B65-AB1A-7772ABB8B33B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {6BB464D6-39E8-4837-B379-4FA39A47E717} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {6E51B9B3-85F8-439D-9782-6B9A4A62B5E3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {70380631-9AB8-4614-8008-C115C8F915CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {70730D79-A256-48E9-8DFB-1E6590FC5FE4} - System32\Tasks\{BF7F2FEB-67A6-46D7-B4DE-01E14884066F} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {70AEA848-69C4-4F71-AF8F-4106E48AF4FD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {73C72F36-F012-4680-BB4A-24D65986FC10} - System32\Tasks\{68513219-9582-48B8-843A-FE1602B8768C} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {7526D5E1-C781-4472-A7FA-6EB14BFD56B9} - System32\Tasks\{59E23947-2830-43C6-A651-7B192416DBC7} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {789AFCA2-D40D-4ED3-B720-759235FF6CE1} - System32\Tasks\{7265EEAE-949E-4BCC-84B9-5E7812CE369D} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {8E45D75C-4A7E-40E1-A8E2-55AC2992DD2E} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {93D81605-7A64-4157-93F7-7C8F5FC24B87} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-JFRE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {95EE909E-66EE-4D10-BD36-69A4553FA068} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {967B1799-ED1A-4887-8219-522FC9A237E0} - System32\Tasks\{6DEBC9C0-0AA5-4CD0-B223-50C07D3448E4} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {972A5485-010E-409B-8502-311C5784F5AC} - System32\Tasks\{8A3DC156-CEF4-4E91-9CC9-B2D09CC96163} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {97497E71-EA3F-4D2C-8FCE-0A3EEAE8DB4C} - System32\Tasks\{3DB6F98F-435C-4DE2-8BEC-F8F12F6FB284} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {9816BFC4-3320-4BA9-8291-B1B7CF39DEC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {B772BA53-80F5-4263-9B37-3F5D276F757A} - System32\Tasks\{55D304AB-830F-4E16-90D1-B6A1BEC8F340} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {B82E61D0-2022-4ACA-8AA3-285FCFBF0F71} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B873F741-7D35-4650-BD67-F48A24B8DC59} - System32\Tasks\{3F81FB9F-98C7-4959-8285-887CDEC6FB74} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {BB7C401C-E40C-4E24-9437-A2A358B940A5} - System32\Tasks\{C52EF7DC-AB60-46FB-BAEC-38AED9825896} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {BC20D3C7-1E37-42B9-9233-E395CA35F792} - System32\Tasks\{D477315D-75AE-47C4-BAFD-65F1CB548DBB} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=12002
Task: {C40FA083-A2A0-4E44-97E1-1236332538C4} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {C9817565-4906-4D4B-BFEA-9D8A51434A35} - System32\Tasks\{CB17A3C9-2D78-4980-A4D6-56DB4CB164EC} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {CB8C5376-AA00-437C-B526-E3C560BEEBB7} - System32\Tasks\{BC79F1AD-ACA9-411B-9375-344B4A801D88} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {DE2C0309-F28D-4DA3-87E5-ED88EC4B29D4} - System32\Tasks\{B1D55DEE-BE06-4C6D-8AD0-205F1AE5B1FD} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {DE3BE240-9A3C-4A9A-8CF5-0670CB1B6290} - System32\Tasks\{2A84D7E6-A43E-423A-AA21-738680DD471A} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {DF090A9B-AFB0-4E84-8FEA-085F0FF6D840} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E4656E7B-A7D3-43A0-9B4E-3F4E96230D63} - System32\Tasks\{7DB972BC-19C4-41C2-870F-2C58962D36A7} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {E8F17B73-9029-4E18-A7A5-E724FDCC4AEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EA742FDF-6374-4651-B22E-51F849708105} - System32\Tasks\{6A6A8CA0-8D11-4EDD-9FE1-4E4DF6B7464A} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {EF142FBE-C7C6-4EB5-9418-3676E60ED74E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {FB310C60-75AC-42F1-BD05-F21507D5C31B} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-06-23 06:39 - 2010-06-23 06:39 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-12-11 11:53 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-12-11 11:53 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-07-08 23:35 - 2014-07-08 23:35 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-15 17:14 - 2014-10-15 17:14 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2010-06-23 06:39 - 2010-06-23 06:39 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
2010-06-23 06:39 - 2010-06-23 06:39 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll
2014-07-08 23:35 - 2014-07-08 23:35 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-15 21:35 - 2014-10-15 21:35 - 00043008 _____ () c:\users\jfre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputvdsa.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Jfre\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-24 22:12 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 22:12 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 22:12 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 22:12 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 22:12 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Jfre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jfre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jfre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BYR_AGENT => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Jfre\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jfre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\Jfre\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-284951326-781440196-1633126248-500 - Administrator - Disabled)
Guest (S-1-5-21-284951326-781440196-1633126248-501 - Administrator - Enabled)
HomeGroupUser$ (S-1-5-21-284951326-781440196-1633126248-1005 - Administrator - Enabled)
Jfre (S-1-5-21-284951326-781440196-1633126248-1000 - Administrator - Enabled) => C:\Users\Jfre
Mcx1-JFRE-PC (S-1-5-21-284951326-781440196-1633126248-1006 - Administrator - Enabled) => C:\Users\Mcx1-JFRE-PC
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 05:58:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7125.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e70
 
Start Time: 01cfe8c2f96d1c24
 
Termination Time: 7
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: 5f6ae41f-54b6-11e4-900b-1c7508590d6f
 
Error: (10/15/2014 01:35:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7125.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d10
 
Start Time: 01cfe67d583b2ba5
 
Termination Time: 3607
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: ea93672b-542c-11e4-8ee3-1c7508590d6f
 
Error: (10/10/2014 08:50:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (10/15/2014 09:34:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
TPPWRIF
 
Error: (10/15/2014 09:33:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcregservice Service service failed to start due to the following error: 
%%2
 
Error: (10/15/2014 08:23:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/15/2014 08:19:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 05:58:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7125.5000e7001cfe8c2f96d1c247C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE5f6ae41f-54b6-11e4-900b-1c7508590d6f
 
Error: (10/15/2014 01:35:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7125.5000d1001cfe67d583b2ba53607C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEea93672b-542c-11e4-8ee3-1c7508590d6f
 
Error: (10/10/2014 08:50:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-19 00:30:55.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:54.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:54.383
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:53.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 10:10:06.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 10:10:05.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-07 00:44:20.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-07 00:44:19.740
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II P540 Dual-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 4090.9 MB
Available physical RAM: 2145.52 MB
Total Pagefile: 8179.98 MB
Available Pagefile: 5928.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:122.57 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C078518)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ============================


#5 fireman4it


Posted 15 October 2014 - 10:06 PM

You gave me the additional.txt. Can you please post the FRST.txt?


#6 85strat


Posted 15 October 2014 - 10:17 PM

Apologies - 

 

Ran by Jfre (administrator) on JFRE-PC on 15-10-2014 21:43:26
Running from C:\Users\Jfre\Desktop
Loaded Profile: Jfre (Available profiles: Jfre & Mcx1-JFRE-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Seekar Ltd) C:\Program Files (x86)\Ares\Ares.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Jfre\Desktop\FRST64 (1).exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-284951326-781440196-1633126248-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-284951326-781440196-1633126248-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [2758656 2014-03-28] (Seekar Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jfre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jfre\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-22]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_41_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCtBzz0DtDyC0DyD0FyCtN0D0Tzu0StCtDtCtCtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyByC0DzyyByD0FtGzzyEyCtBtG0E0CyB0DtGyByByD0CtGyB0E0D0A0B0D0A0D0CtCyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0AyC0FtByEzytGyD0B0BtDtGyE0B0ByBtG0B0F0C0DtGyByDyD0Bzz0ByE0C0CtCyC0A2Q&cr=1531715830&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_wnzp01_14_41_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCtBzz0DtDyC0DyD0FyCtN0D0Tzu0StCtDtCtCtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyByC0DzyyByD0FtGzzyEyCtBtG0E0CyB0DtGyByByD0CtGyB0E0D0A0B0D0A0D0CtCyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0A0AyC0FtByEzytGyD0B0BtDtGyE0B0ByBtG0B0F0C0DtGyByDyD0Bzz0ByE0C0CtCyC0A2Q&cr=1531715830&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (avast! Online Security) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-04-22] ()
S1 TPPWRIF; C:\Program Files (x86)\Lenovo Battery Utility 2014\TPPWR64V.sys [20736 2014-03-05] (Lenovo Group Limited)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
S3 wdmirror; No ImagePath
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 21:43 - 2014-10-15 21:44 - 00017504 _____ () C:\Users\Jfre\Desktop\FRST.txt
2014-10-15 21:43 - 2014-10-15 21:43 - 00000000 ____D () C:\FRST
2014-10-15 21:42 - 2014-10-15 21:42 - 02111488 _____ (Farbar) C:\Users\Jfre\Desktop\FRST64 (1).exe
2014-10-15 21:32 - 2014-10-15 21:32 - 00000318 _____ () C:\windows\PFRO.log
2014-10-15 20:59 - 2014-10-15 21:01 - 00000000 ____D () C:\Users\Jfre\Documents\Entrepreneurship
2014-10-15 20:17 - 2014-10-15 21:43 - 00000410 _____ () C:\windows\setupact.log
2014-10-15 20:17 - 2014-10-15 20:17 - 00000000 _____ () C:\windows\setuperr.log
2014-10-10 22:05 - 2014-10-10 22:06 - 00000000 ____D () C:\Users\Jfre\Documents\msoffice2010
2014-10-10 19:30 - 2014-10-10 19:31 - 00099384 _____ () C:\Users\Jfre\AppData\Roaming\inst.exe
2014-10-10 19:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-10 19:09 - 2014-10-15 21:31 - 00000000 ____D () C:\AdwCleaner
2014-10-10 19:09 - 2014-10-10 19:09 - 01375089 _____ () C:\Users\Jfre\Downloads\adwcleaner_3.311.exe
2014-10-10 13:00 - 2014-10-10 13:28 - 3320903680 _____ () C:\Users\Jfre\Downloads\X17-58997 (1).iso
2014-10-10 12:41 - 2014-10-10 13:16 - 00000000 ____D () C:\Users\Jfre\Documents\done
2014-10-10 12:15 - 2014-10-10 12:15 - 00228387 _____ () C:\Users\Jfre\Downloads\dlgdiag_5_22.zip
2014-10-10 12:15 - 2014-10-10 12:15 - 00000000 ____D () C:\Users\Jfre\Documents\dlgdiag_5_22
2014-10-10 12:08 - 2014-10-10 12:08 - 00000000 ____D () C:\Users\Jfre\Documents\dlgdiag_5_22 (1)
2014-10-10 12:00 - 2014-10-10 13:24 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\ImgBurn
2014-10-10 11:54 - 2014-10-10 11:54 - 00001877 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-10-10 11:54 - 2014-10-10 11:54 - 00001865 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-10-10 11:54 - 2014-10-10 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-10-10 11:54 - 2014-10-10 11:54 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-10-07 23:47 - 2014-10-10 22:03 - 00000000 ____D () C:\Users\Jfre\Documents\New folder
2014-10-07 20:42 - 2014-10-08 10:42 - 00000068 _____ () C:\Users\Jfre\AppData\Roaming\WB.CFG
2014-10-07 19:49 - 2014-10-07 19:49 - 52740576 _____ (VSO Software ) C:\Users\Jfre\Downloads\copyto5_setup.exe
2014-10-07 19:35 - 2014-10-07 19:36 - 00000000 ____D () C:\Users\Jfre\AppData\Local\WinZip
2014-10-07 19:35 - 2014-10-07 19:36 - 00000000 ____D () C:\ProgramData\WinZip
2014-10-07 19:35 - 2014-10-07 19:35 - 00002243 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-10-07 19:35 - 2014-10-07 19:35 - 00002237 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-10-07 19:35 - 2014-10-07 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-07 19:34 - 2014-10-07 19:35 - 00000000 ____D () C:\Program Files\WinZip
2014-10-07 19:34 - 2014-10-07 19:34 - 00000000 ____D () C:\Program Files\File Association Helper
2014-10-07 19:33 - 2014-10-07 19:33 - 00872448 _____ ( ) C:\Users\Jfre\Downloads\winzip18-lan_en.exe
2014-10-07 12:36 - 2014-10-07 12:35 - 00022525 _____ () C:\Users\Jfre\Documents\Lenovo Harware Test Report.html
2014-10-07 11:34 - 2014-10-07 11:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-10-07 11:34 - 2014-10-07 11:34 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\LSC
2014-10-07 11:32 - 2014-10-07 11:32 - 00001951 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-07 11:32 - 2014-10-07 11:32 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-10-07 11:31 - 2014-10-07 11:31 - 36372104 _____ (Lenovo Group Limited) C:\Users\Jfre\Downloads\lscsetup_x64_26001.exe
2014-10-07 11:31 - 2014-10-07 11:31 - 00000000 ____D () C:\windows\Downloaded Installations
2014-10-07 11:27 - 2014-10-07 11:27 - 03462480 _____ (Lenovo Corp ) C:\Users\Jfre\Downloads\LenovoBattery.exe
2014-10-07 11:27 - 2014-10-07 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Battery Utility 2014
2014-10-07 11:27 - 2014-10-07 11:27 - 00000000 ____D () C:\Program Files (x86)\Lenovo Battery Utility 2014
2014-10-05 22:54 - 2014-10-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-05 22:54 - 2014-10-05 22:54 - 00000000 ____D () C:\Program Files\7-Zip
2014-10-05 22:50 - 2014-10-05 22:50 - 01376768 _____ () C:\Users\Jfre\Downloads\7z920-x64.msi
2014-10-05 22:44 - 2014-10-05 22:45 - 124916464 _____ (Microsoft Corporation) C:\Users\Jfre\Downloads\msert (1).exe
2014-10-05 22:42 - 2014-10-05 22:42 - 00133902 _____ () C:\Users\Jfre\Downloads\msert.exe
2014-10-05 16:50 - 2014-10-05 16:50 - 00000756 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-10-05 16:50 - 2014-10-05 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-10-05 16:50 - 2014-10-05 16:50 - 00000000 ____D () C:\Program Files\Speccy
2014-10-05 16:49 - 2014-10-05 16:49 - 04890736 _____ (Piriform Ltd) C:\Users\Jfre\Desktop\spsetup126.exe
2014-10-05 16:42 - 2014-10-05 16:42 - 00401920 _____ (Farbar) C:\Users\Jfre\Desktop\MiniToolBox.exe
2014-10-05 11:05 - 2014-10-05 11:05 - 04965896 _____ (Piriform Ltd) C:\Users\Jfre\Downloads\ccsetup418.exe
2014-10-03 11:27 - 2014-10-03 11:27 - 02632704 _____ () C:\Users\Jfre\Downloads\robbinsfom8inppt03.ppt
2014-10-02 19:52 - 2014-10-02 19:52 - 00002984 _____ () C:\windows\System32\Tasks\{7E4AE0B7-8FA6-4CF5-B40B-2F7A32159E3F}
2014-10-02 19:32 - 2014-10-02 19:32 - 03762688 _____ () C:\Users\Jfre\Downloads\robbinsfom8inppt02.ppt
2014-09-30 16:20 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 16:20 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-27 14:23 - 2014-09-27 14:24 - 00000000 ____D () C:\Users\Jfre\AppData\Local\{735C2123-901F-4B13-A104-8B3493AEF6DD}
2014-09-26 23:19 - 2014-10-15 21:03 - 00000000 ____D () C:\Users\Jfre\Documents\Moodleroom bleep
2014-09-26 15:53 - 2014-09-26 15:54 - 00000000 ____D () C:\Users\Jfre\Documents\NYSEG
2014-09-26 15:50 - 2014-09-26 22:02 - 00000000 ____D () C:\Users\Jfre\Documents\Virg resume & stuff
2014-09-26 15:40 - 2014-09-26 15:40 - 00000000 ____D () C:\Users\Jfre\Documents\UCS docs
2014-09-24 02:58 - 2014-09-24 02:59 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\JPL-NASA-Caltech
2014-09-24 02:57 - 2014-09-24 02:57 - 64400688 _____ () C:\Users\Jfre\Downloads\NASA's Eyes.exe
2014-09-23 19:02 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 19:02 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-18 15:10 - 2014-10-12 20:33 - 00000000 ____D () C:\Users\Jfre\Documents\Principles of Management
2014-09-17 18:09 - 2014-09-17 18:09 - 00000924 _____ () C:\Users\Mcx1-JFRE-PC\Desktop\NTREGOPT.lnk
2014-09-17 18:09 - 2014-09-17 18:09 - 00000924 _____ () C:\Users\Jfre\Desktop\NTREGOPT.lnk
2014-09-17 18:09 - 2014-09-17 18:09 - 00000905 _____ () C:\Users\Mcx1-JFRE-PC\Desktop\ERUNT.lnk
2014-09-17 18:09 - 2014-09-17 18:09 - 00000905 _____ () C:\Users\Jfre\Desktop\ERUNT.lnk
2014-09-17 18:09 - 2014-09-17 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-09-17 18:09 - 2014-09-17 18:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-09-17 18:01 - 2014-09-17 18:01 - 00791393 _____ (Lars Hederer ) C:\Users\Jfre\Downloads\erunt-setup.exe
2014-09-17 17:18 - 2014-09-17 17:20 - 00001956 _____ () C:\DelFix.txt
2014-09-17 17:15 - 2014-09-17 17:15 - 00709564 _____ () C:\Users\Jfre\Downloads\delfix_10.8.exe
2014-09-17 17:09 - 2014-09-17 17:09 - 00000000 ____D () C:\Users\Jfre\Downloads\backups
2014-09-16 21:03 - 2014-09-16 21:02 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-09-16 21:02 - 2014-09-16 21:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-09-16 21:02 - 2014-09-16 21:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-09-16 21:02 - 2014-09-16 21:02 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-09-16 21:02 - 2014-09-16 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-16 21:02 - 2014-09-16 21:02 - 00000000 ____D () C:\Program Files\Java
2014-09-16 21:01 - 2014-09-16 21:01 - 31013800 _____ (Oracle Corporation) C:\Users\Jfre\Downloads\jre-7u67-windows-x64.exe
2014-09-16 20:51 - 2014-09-19 13:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 20:51 - 2014-09-19 13:19 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-16 18:17 - 2014-09-16 18:17 - 00000000 ____D () C:\Users\Jfre\AppData\Local\{8E7D80AD-00C5-4E2A-980A-4BF1436896BE}
2014-09-16 17:23 - 2014-09-16 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:15 - 2014-09-17 17:18 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 09:19 - 2014-10-15 21:29 - 00000000 ____D () C:\Users\Jfre\Downloads\FSRT
2014-09-15 08:15 - 2014-09-15 08:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jfre\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-15 03:24 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 03:24 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 03:24 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 03:24 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 03:24 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 03:24 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 03:24 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 03:24 - 2014-08-16 02:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-09-15 03:24 - 2014-08-16 01:53 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-15 03:03 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 03:03 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 21:42 - 2014-06-04 20:19 - 01211603 _____ () C:\windows\WindowsUpdate.log
2014-10-15 21:42 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 21:42 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 21:35 - 2014-08-27 20:33 - 00000000 ___RD () C:\Users\Jfre\Dropbox
2014-10-15 21:35 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Dropbox
2014-10-15 21:33 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-15 21:14 - 2012-07-17 01:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 18:59 - 2012-07-10 16:37 - 00000000 ____D () C:\Users\Jfre\.umplayer
2014-10-15 18:13 - 2014-05-19 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 17:34 - 2013-04-22 17:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-15 02:36 - 2011-03-31 12:06 - 00000000 ____D () C:\windows\Minidump
2014-10-10 22:52 - 2011-05-06 15:50 - 00000000 ____D () C:\Users\Jfre\Desktop\My Shared Folder
2014-10-10 19:55 - 2014-04-15 22:08 - 00000000 ____D () C:\Users\Jfre\Documents\Life Coaching
2014-10-10 19:44 - 2011-08-21 20:31 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Vso
2014-10-10 19:32 - 2011-08-21 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-10-10 19:32 - 2011-08-21 20:31 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-10-10 19:31 - 2011-08-21 20:32 - 00000055 _____ () C:\Users\Jfre\AppData\Roaming\pcouffin.log
2014-10-10 19:31 - 2011-08-21 20:31 - 00082816 _____ (VSO Software) C:\Users\Jfre\AppData\Roaming\pcouffin.sys
2014-10-10 19:31 - 2011-08-21 20:31 - 00007859 _____ () C:\Users\Jfre\AppData\Roaming\pcouffin.cat
2014-10-10 19:30 - 2013-05-18 17:21 - 00000000 ____D () C:\ProgramData\VSO
2014-10-10 18:32 - 2011-06-23 22:07 - 00000000 ____D () C:\windows\CheckSur
2014-10-10 13:25 - 2011-03-01 12:27 - 00001118 _____ () C:\Users\Jfre\Desktop\Cyberlink Power2Go.lnk
2014-10-09 16:39 - 2014-06-09 20:58 - 00000671 _____ () C:\Users\Jfre\AppData\Roaming\vso_ts_preview.xml
2014-10-09 11:39 - 2011-04-03 23:53 - 00000000 ____D () C:\Users\Jfre\Documents\Outlook Files
2014-10-09 11:39 - 2011-03-01 12:27 - 00002239 _____ () C:\Users\Jfre\Desktop\OneKey Recovery.lnk
2014-10-07 19:51 - 2013-05-18 23:55 - 00001234 _____ () C:\Users\Jfre\Desktop\VSO Media Player 1.lnk
2014-10-07 11:36 - 2010-12-11 11:44 - 00000000 ____D () C:\ProgramData\Lenovo
2014-10-07 11:32 - 2010-12-11 11:49 - 00000000 ____D () C:\Program Files\Lenovo
2014-10-06 21:01 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-05 23:55 - 2009-07-14 01:13 - 00850518 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-05 18:27 - 2011-05-29 23:03 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Real
2014-10-05 18:27 - 2011-05-29 23:03 - 00000000 ____D () C:\Program Files (x86)\Real
2014-10-05 18:26 - 2011-05-29 23:03 - 00000000 ____D () C:\ProgramData\Real
2014-10-05 12:26 - 2011-02-03 13:53 - 00000000 ____D () C:\Users\Jfre\AppData\Local\Ares
2014-10-05 11:07 - 2011-08-25 15:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-05 11:03 - 2011-07-28 11:44 - 00000000 ____D () C:\windows\pss
2014-10-04 00:53 - 2011-04-23 15:34 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Skype
2014-10-01 20:17 - 2013-02-17 12:02 - 00000000 ____D () C:\Users\Jfre\Documents\step work and guide
2014-10-01 20:16 - 2013-07-05 11:14 - 00000000 ____D () C:\Users\Jfre\Documents\Southwood
2014-10-01 20:08 - 2013-07-05 11:13 - 00000000 ____D () C:\Users\Jfre\Documents\Social Psych
2014-10-01 00:17 - 2013-12-12 18:10 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\uTorrent
2014-09-27 11:45 - 2012-07-10 16:40 - 00000000 ____D () C:\Users\Jfre\AppData\Local\MPlayer
2014-09-27 07:54 - 2011-03-01 12:29 - 00117112 _____ () C:\Users\Jfre\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 07:52 - 2009-07-14 00:45 - 00422904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-27 01:27 - 2014-05-16 11:02 - 00000000 ____D () C:\ProgramData\Corel
2014-09-27 01:22 - 2014-05-16 11:01 - 00000000 ____D () C:\ProgramData\Borland
2014-09-26 22:10 - 2013-01-05 15:22 - 00000000 ____D () C:\Users\Jfre\Documents\ConvertXtoDVD
2014-09-24 07:58 - 2013-09-11 04:27 - 00000000 ____D () C:\windows\rescache
2014-09-24 07:14 - 2012-07-17 01:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 07:14 - 2012-03-31 12:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 07:14 - 2011-05-18 20:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 22:08 - 2014-08-27 20:33 - 00001013 _____ () C:\Users\Jfre\Desktop\Dropbox.lnk
2014-09-22 22:08 - 2014-04-30 09:47 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 13:19 - 2010-12-11 11:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-19 00:27 - 2011-03-08 00:25 - 00000000 ____D () C:\Users\Jfre\AppData\Local\Adobe
2014-09-17 19:05 - 2009-07-29 03:00 - 00000000 ____D () C:\windows\Panther
2014-09-17 18:10 - 2014-05-07 00:28 - 00000000 ____D () C:\windows\erdnt
2014-09-17 17:27 - 2011-03-01 12:27 - 00000000 ____D () C:\Users\Jfre
2014-09-17 17:26 - 2012-08-24 20:54 - 00000000 ____D () C:\Users\Mcx1-JFRE-PC
2014-09-17 17:26 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-09-17 17:13 - 2014-08-21 17:11 - 00003222 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-17 17:13 - 2013-10-09 21:50 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-17 00:18 - 2014-05-18 11:14 - 00000000 ____D () C:\temp
2014-09-16 20:54 - 2011-04-13 12:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-16 20:51 - 2010-12-11 11:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-16 18:13 - 2014-05-16 11:07 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Corel
2014-09-16 17:24 - 2011-04-23 15:33 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 17:23 - 2014-07-06 15:32 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 17:23 - 2011-04-23 15:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 09:32 - 2014-04-09 14:32 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-16 09:32 - 2014-03-26 17:02 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-16 09:15 - 2011-03-14 16:33 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-15 22:58 - 2013-05-07 21:49 - 00000000 ____D () C:\Users\Jfre\Documents\RC INFO
2014-09-15 14:52 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-09-15 09:06 - 2011-05-14 10:29 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-15 08:17 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 08:17 - 2014-05-19 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 03:23 - 2011-01-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:19 - 2011-01-23 17:18 - 00843068 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-15 03:17 - 2013-08-15 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 03:05 - 2011-01-28 13:35 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputvdsa.dll
C:\Users\Jfre\AppData\Local\Temp\Quarantine.exe
C:\Users\Jfre\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-07 21:34
 
==================== End Of Log ============================


#7 fireman4it


Posted 16 October 2014 - 08:31 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (439 bytes)

2.

We need to uninstall Google Chrome and reinstall it. If it asks to delete your personal settings please say yes.


#8 85strat


Posted 16 October 2014 - 09:09 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Jfre at 2014-10-16 22:07:32 Run:1
Running from C:\Users\Jfre\Desktop
Loaded Profile: Jfre (Available profiles: Jfre & Mcx1-JFRE-PC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S3 wdmirror; No ImagePath
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputvdsa.dll
C:\Users\Jfre\AppData\Local\Temp\Quarantine.exe
C:\Users\Jfre\AppData\Local\Temp\sqlite3.dll
 
 
*****************
 
pcregservice => Service deleted successfully.
wdmirror => Service deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
IviRegMgr => Service deleted successfully.
RichVideo => Service deleted successfully.
SQLWriter => Service deleted successfully.
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputvdsa.dll => Moved successfully.
C:\Users\Jfre\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jfre\AppData\Local\Temp\sqlite3.dll => Moved successfully.
 
==== End of Fixlog ====


#9 fireman4it


Posted 16 October 2014 - 10:51 PM

Did you reinstall Chrome? How is the machine running?


#10 85strat


Posted 16 October 2014 - 11:01 PM

I did re-install it and when I pulled up Chrome the astromenda was still in the lead screen.

There are still some lags and extended loading going on.


Edited by 85strat, 16 October 2014 - 11:02 PM.


#11 fireman4it


Posted 19 October 2014 - 09:41 PM

Did you completely uninstall chrome? 

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


#12 85strat


Posted 20 October 2014 - 06:37 PM

I have followed the suggestions: uninstall and reinstall Google Chrome; run the MalWare and then RogueKiller. The following is the RogueKiller report:

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jfre [Administrator]
Mode : Scan -- Date : 10/20/2014  17:30:28
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 17 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-284951326-781440196-1633126248-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-284951326-781440196-1633126248-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-284951326-781440196-1633126248-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-284951326-781440196-1633126248-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2599F374-4C89-4305-BCFE-D65831893053} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-24A0RT0 ATA Device +++++
--- User ---
[MBR] 0ae59e7875e2695d914b26184e66276a
[BSP] 94005e06a3f711225df9a5625c3c2608 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_10202014_153354.log - RKreport_DEL_10202014_153411.log - RKreport_DEL_10202014_153430.log - RKreport_DEL_10202014_161641.log
RKreport_DEL_10202014_161732.log - RKreport_DEL_10202014_161747.log - RKreport_DEL_10202014_161749.log - RKreport_DEL_10202014_161757.log
RKreport_DEL_10202014_161759.log - RKreport_DEL_10202014_161801.log - RKreport_DEL_10202014_161802.log - RKreport_DEL_10202014_161803.log
RKreport_DEL_10202014_161822.log - RKreport_DEL_10202014_161828.log - RKreport_DEL_10202014_161836.log - RKreport_DEL_10202014_161841.log
RKreport_DEL_10202014_161847.log - RKreport_DEL_10202014_161904.log - RKreport_DEL_10202014_161914.log - RKreport_SCN_10202014_152117.log
RKreport_SCN_10202014_154212.log
 
Restarted the computer, opened my browser and astromenda is still there. Something else that's puzzling - the sound (speaker) icon on the task bar shows an X and when the cursor is moved over it a message that says the audio service is not running appears. Although there is sound for audio and video files.
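
The Registry section of the RogueKiller report in the post above lists the same value under several user hives and under both the X64 and X86 views. As an added example (not part of the original posts and not RogueKiller's own code), this Python script collapses such lines to distinct settings and checks whether any value contains a given string; the sample lines, the SID, the GUID, the addresses and the hijack.example URL are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report's Registry section.
# The SID, the interface GUID, the DNS addresses and the hijack.example
# URL are made up; the hosts line shows that non-registry lines are skipped.
SAMPLE_REPORT = r"""
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1-2-3-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.hijack.example/?src=hp  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} | DhcpNameServer : 192.0.2.1 192.0.2.2  -> Found
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
"""

# Line layout: [category] (view) key | value name : data -> status
LINE_RE = re.compile(
    r"^\[(?P<category>PUM\.[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)


def parse_hits(report):
    """Return one dict per registry hit line; other lines are ignored."""
    hits = []
    for line in report.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            hits.append(match.groupdict())
    return hits


def scope_of(key):
    """Hive plus account for HKEY_USERS keys, hive only otherwise."""
    parts = key.split("\\")
    return "\\".join(parts[:2]) if parts[0] == "HKEY_USERS" else parts[0]


def collapse(hits):
    """Group hits by (category, value name, data) -> set of (scope, view)."""
    groups = defaultdict(set)
    for hit in hits:
        setting = (hit["category"], hit["name"], hit["data"])
        groups[setting].add((scope_of(hit["key"]), hit["view"]))
    return dict(groups)


def values_containing(groups, needle):
    """Distinct settings whose data contains needle (case-insensitive)."""
    needle = needle.lower()
    return sorted(s for s in groups if needle in s[2].lower())


if __name__ == "__main__":
    groups = collapse(parse_hits(SAMPLE_REPORT))
    for (category, name, data), where in sorted(groups.items()):
        print(f"{category:14} {name} = {data}  [{len(where)} location(s)]")
    print("matches:", values_containing(groups, "hijack.example"))
```

An empty result from `values_containing` for the name the user sees in the browser means the flagged registry values are not where that start page is set.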


#13 fireman4it


Posted 22 October 2014 - 07:46 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


#14 fireman4it


Posted 27 October 2014 - 05:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


#15 fireman4it


Posted 30 October 2014 - 12:08 PM

This topic has been re-opened at the request of the person who originally posted.