
Fake google chrome virus


3 replies to this topic

#1 Jrieth


Posted 30 December 2014 - 12:50 AM

I have a virus that creates a ton of processes that slows down my computer, and says it's Google Chrome. It is in the AppData folder. What should I do?

John

 

Edit: I have Windows 7. This is the folder for the program:

 

AppData\LocalLow\EmieBrowserModeList

 

The file name is srcgwulu.exe

 

To fix the problem, I tried to delete the file and contents in safe mode, but the file reappeared.


Edited by Jrieth, 30 December 2014 - 02:04 AM.
moved from Windows 7 to the appropriate forum for malware removal



 


#2 Jrieth


Posted 30 December 2014 - 01:15 AM

Here is the Farbar Recovery Scan Tool

===========================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by John Rieth (administrator) on JOHNRIETH-THINK on 30-12-2014 00:52:28
Running from C:\Users\John Rieth\Downloads
Loaded Profile: John Rieth (Available profiles: John Rieth)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\cammute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\John Rieth\Downloads\ChromeSetup(2).exe
(Google Inc.) C:\Users\John Rieth\Downloads\ChromeSetup(2).exe
(Google Inc.) C:\Users\John Rieth\AppData\Local\Temp\GUM97EB.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\John Rieth\AppData\Local\Temp\GUMB7BB.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\John Rieth\AppData\Local\Temp\GUMB7BB.tmp\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM2DD.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\John Rieth\AppData\Local\Temp\GUM97EB.tmp\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM427C.tmp\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\srcgwulu.exe
(Google Inc.) C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\srcgwulu.exe
(Google Inc.) C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\srcgwulu.exe
(Google Inc.) C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\srcgwulu.exe
(Google Inc.) C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\srcgwulu.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [773256 2014-12-10] (Webroot)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes1\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\Run: [Bjmdagj] => regsvr32.exe /s "C:\Users\John Rieth\AppData\Local\My Games\Bjmdagj.dll" <===== ATTENTION
HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\MountPoints2: {10574c35-152d-11e4-bfc2-f0def106c0d2} - D:\autorunner.exe "pdfEx.exe"
HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\MountPoints2: {1ee882a8-4fea-11e2-b4a2-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
AppInit_DLLs-x32: , => "" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli ACGina
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastosearch.info/?pid=2942&r=2014/06/11&hid=1337428883005246972&lg=EN&cc=US&unqvl=55
HKU\S-1-5-21-2173461512-1696620524-436504095-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-2173461512-1696620524-436504095-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {49882028-C919-4F5F-82FC-86ACAC6B8158} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKLM -> {49882028-C919-4F5F-82FC-86ACAC6B8158} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=179&itype=n&ver=12791&tm=376&src=ds&p={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=2942&r=2014/06/11&hid=1337428883005246972&lg=EN&cc=US&unqvl=55
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=179&itype=n&ver=12791&tm=376&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {C55DECC2-BE2D-4206-ABCF-0F6BBDAFE21D} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1F4F501C-59D8-4982-B0C2-7825D00C1B0B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {8ED0708F-8FC2-4AFB-858D-AA0C65506343} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=179&itype=n&ver=12791&tm=376&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=2942&r=2014/06/11&hid=1337428883005246972&lg=EN&cc=US&unqvl=55
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {C55DECC2-BE2D-4206-ABCF-0F6BBDAFE21D} URL = 
SearchScopes: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> {EAC245F3-0680-4C64-AF62-3D8415B400C6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN21072976466365275&UM=2
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: saveu on -> {7B222284-556F-CDFF-B360-F797B829A434} -> C:\Program Files (x86)\saveu on\FPsrEc93Uy.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: saveu on -> {7B222284-556F-CDFF-B360-F797B829A434} -> C:\Program Files (x86)\saveu on\FPsrEc93Uy.dll ()
BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Fast Free Converter 4.1 -> {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-2173461512-1696620524-436504095-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default
FF DefaultSearchEngine: Trovi search
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.fastosearch.info/?pid=2942&r=2014/06/11&hid=1337428883005246972&lg=EN&cc=US&unqvl=55&l=1&q=
FF SearchEngineOrder.1: default-search.net
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes1\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\user.js
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\vafmusic2-customized-web-search.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: MySearch - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\ioae.lpc@bboyo.org [2014-06-13]
FF Extension: savee on - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\mbb7eqzba@lfs-lvc.co.uk [2014-06-13]
FF Extension: saviE ioN - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\n3kr8-u@mrziieirjwb.edu [2014-06-13]
FF Extension: YoutubeAdblocker - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\quvy.l@zzqszqgbj.co.uk [2014-06-13]
FF Extension: Speedial - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} [2014-06-13]
FF Extension: Boost - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\Extensions\boost@boost.net.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF Extension: FastFreeConverter - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com [2013-11-22]
FF Extension: No Name - C:\Users\John Rieth\AppData\Roaming\Mozilla\Firefox\Profiles\zoyi2nj3.default\{55bbc577-fb0b-4e77-8a51-e033716a9ead} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (AdBlock) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Users\John Rieth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\John Rieth\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKU\S-1-5-21-2173461512-1696620524-436504095-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\John Rieth\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [161128 2010-02-04] (Lenovo.)
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [193024 2013-07-29] () [File not signed]
R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-12-29] ()
R2 msftesql$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$CSSQL05; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2012-12-26] (Symantec Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
S2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2014-11-08] (Hewlett-Packard)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [773256 2014-12-10] (Webroot)
S2 Update focusbase; "C:\Program Files (x86)\focusbase\updatefocusbase.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Windows\system32\drivers\NISx64\1007000.01E\BHDrvx64.sys [334384 2012-12-26] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1007000.01E\ccHPx64.sys [583296 2012-12-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [397360 2012-12-26] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2012-12-27] ()
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2012-12-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2012-12-26] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-01] ()
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1007000.01E\SYMEFA64.SYS [402992 2012-12-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-12-26] (Symantec Corporation)
R3 SYMFW; C:\Windows\system32\drivers\NISx64\1007000.01E\SYMFW.SYS [120880 2012-12-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2012-12-26] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\system32\drivers\NISx64\1007000.01E\SYMNDISV.SYS [56880 2012-12-26] (Symantec Corporation)
R1 SYMTDI; C:\Windows\system32\drivers\NISx64\1007000.01E\SYMTDI.SYS [278576 2012-12-26] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-02-04] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-12-10] (Webroot)
R1 {55bbc577-fb0b-4e77-8a51-e033716a9ead}w64; C:\Windows\System32\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}w64.sys [48776 2014-11-15] (StdLib)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS [X]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 01:02 - 2014-12-30 01:02 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 00:45 - 2014-12-30 00:51 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 00:45 - 2014-12-30 00:50 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 00:45 - 2014-12-30 00:45 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-30 00:44 - 2014-12-30 00:44 - 06000640 _____ () C:\Program Files (x86)\GUT2EE.tmp
2014-12-30 00:44 - 2014-12-30 00:44 - 00000000 ____D () C:\Program Files (x86)\GUM2DD.tmp
2014-12-30 00:43 - 2014-12-30 00:43 - 00880784 _____ (Google Inc.) C:\Users\John Rieth\Downloads\ChromeSetup(2).exe
2014-12-30 00:31 - 2014-12-30 00:34 - 00033376 _____ () C:\Users\John Rieth\Downloads\Addition.txt
2014-12-30 00:23 - 2014-12-30 00:58 - 00030524 _____ () C:\Users\John Rieth\Downloads\FRST.txt
2014-12-30 00:22 - 2014-12-30 00:53 - 00000000 ____D () C:\FRST
2014-12-30 00:22 - 2014-12-30 00:22 - 02123264 _____ (Farbar) C:\Users\John Rieth\Downloads\FRST64.exe
2014-12-30 00:21 - 2014-12-30 00:21 - 01114624 _____ (Farbar) C:\Users\John Rieth\Downloads\FRST.exe
2014-12-30 00:21 - 2014-12-30 00:21 - 00828440 _____ ( ) C:\Users\John Rieth\Downloads\adobe_flash_setup.exe
2014-12-30 00:14 - 2014-12-30 00:15 - 00880784 _____ (Google Inc.) C:\Users\John Rieth\Downloads\ChromeSetup(1).exe
2014-12-30 00:13 - 2014-12-30 00:14 - 00880784 _____ (Google Inc.) C:\Users\John Rieth\Downloads\ChromeSetup.exe
2014-12-29 23:18 - 2014-12-29 23:18 - 00003288 ____N () C:\bootsqm.dat
2014-12-29 23:16 - 2014-12-29 23:16 - 00000000 __SHD () C:\found.001
2014-12-29 22:34 - 2014-12-30 00:40 - 00007600 _____ () C:\Users\John Rieth\AppData\Local\Resmon.ResmonCfg
2014-12-18 01:59 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:59 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 13:34 - 2014-12-12 13:34 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-10 03:35 - 2014-12-10 03:35 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:05 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:05 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 23:21 - 2014-12-09 23:21 - 04752384 _____ () C:\Users\John Rieth\Downloads\Final_review_student_120814.ppt
2014-12-09 20:54 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 20:54 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 20:54 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 20:54 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 20:54 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 20:54 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 20:54 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 20:54 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 20:54 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 20:54 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 20:53 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 20:53 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 20:53 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 20:53 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 20:53 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 20:53 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 20:53 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 20:53 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 20:53 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 20:53 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 20:53 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 20:53 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 20:53 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 20:53 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 20:53 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 20:53 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 20:53 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 20:53 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 20:53 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 20:53 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 20:53 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 20:53 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 20:53 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 20:53 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 20:53 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 20:53 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 20:53 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 20:53 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 20:53 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 20:53 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 20:53 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 20:53 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 20:53 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 20:53 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 20:53 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 20:53 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 20:53 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 20:53 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 20:53 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 20:53 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 20:53 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 20:53 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 20:53 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 20:53 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 20:53 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 20:53 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 20:53 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 20:53 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 20:53 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 20:53 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 20:53 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 20:53 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 20:53 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 20:53 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 20:53 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 20:53 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 20:53 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 20:53 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 20:53 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 20:53 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 20:53 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 20:53 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 20:53 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 20:53 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 20:53 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 20:53 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 20:53 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 20:53 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 20:53 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 16:06 - 2014-12-09 16:06 - 04826112 _____ () C:\Users\John Rieth\Downloads\Final_review_120814.ppt
2014-12-04 22:45 - 2014-12-04 22:49 - 39401336 _____ (Apple Inc.) C:\Users\John Rieth\Downloads\QuickTimeInstaller.exe
2014-12-04 12:19 - 2014-12-05 14:32 - 05793571 _____ () C:\Users\John Rieth\Downloads\Head+and+neck+review.pptx
2014-12-04 08:28 - 2014-12-04 08:28 - 15404883 _____ () C:\Users\John Rieth\Downloads\42larynx.pptx
2014-12-02 08:31 - 2014-12-05 14:34 - 30461554 _____ () C:\Users\John Rieth\Downloads\41sphenopal+paranasal-1.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 00:51 - 2012-12-28 14:55 - 00000000 ____D () C:\ProgramData\WRData
2014-12-30 00:45 - 2014-06-26 15:43 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-30 00:44 - 2012-12-26 23:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-30 00:34 - 2012-12-28 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 00:17 - 2012-12-27 01:09 - 01136633 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 00:14 - 2009-07-13 23:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 00:14 - 2009-07-13 23:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 00:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-30 00:11 - 2014-08-06 22:17 - 00010354 _____ () C:\Windows\setupact.log
2014-12-30 00:07 - 2012-12-27 23:00 - 00000444 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-30 00:05 - 2012-12-28 14:55 - 00000758 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-12-30 00:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 23:53 - 2014-11-15 23:08 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-12-29 23:28 - 2012-12-26 22:58 - 00000000 ____D () C:\Users\John Rieth
2014-12-29 22:21 - 2014-09-27 18:53 - 00000000 ____D () C:\ProgramData\Skype
2014-12-29 22:03 - 2012-12-27 01:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-29 21:53 - 2013-07-23 15:52 - 00000000 ____D () C:\Users\John Rieth\AppData\Local\Unity
2014-12-29 21:51 - 2014-07-22 08:20 - 00000000 ____D () C:\Program Files (x86)\Oasis
2014-12-29 18:46 - 2013-01-03 19:58 - 00000000 ____D () C:\Users\John Rieth\AppData\Local\My Games
2014-12-29 13:00 - 2012-12-27 01:18 - 00000340 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-12-14 21:35 - 2013-03-18 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 21:35 - 2013-03-18 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 18:00 - 2012-12-27 01:18 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-14 13:35 - 2014-06-17 12:37 - 00000000 ____D () C:\Users\John Rieth\Documents\Outlook Files
2014-12-14 03:03 - 2013-03-18 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 13:34 - 2012-12-28 15:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 13:34 - 2012-12-28 15:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 13:34 - 2012-12-28 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 19:11 - 2012-12-28 14:55 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-12-10 19:11 - 2012-12-28 14:55 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-12-10 19:11 - 2012-12-28 14:55 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-12-10 08:10 - 2014-09-14 22:11 - 00000000 ____D () C:\ProgramData\SofTest
2014-12-10 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:38 - 2014-08-13 02:36 - 00011498 _____ () C:\Windows\PFRO.log
2014-12-10 03:35 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:18 - 2012-12-29 01:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:16 - 2013-12-22 15:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:07 - 2013-12-22 15:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-05 07:50 - 2009-07-14 00:13 - 00891194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 10:11 - 2014-06-10 08:39 - 00000000 ____D () C:\Users\John Rieth\Documents\Indiana
 
Some content of TEMP:
====================
C:\Users\John Rieth\AppData\Local\Temp\33110uninstall.exe
C:\Users\John Rieth\AppData\Local\Temp\i4jdel0.exe
C:\Users\John Rieth\AppData\Local\Temp\jfxdbqq.dll
C:\Users\John Rieth\AppData\Local\Temp\Lifecam3.0.204.0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 04:30
 
==================== End Of Log ============================


#3 Jrieth


Posted 30 December 2014 - 01:16 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by John Rieth at 2014-12-30 01:04:47
Running from C:\Users\John Rieth\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CambridgeSoft Activation Client (HKLM-x32\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft BioAssay 12.0 (HKLM-x32\...\{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemBioOffice 2012 (HKLM-x32\...\{535CDE5A-39D6-46EE-B6E5-9F38D0664D97}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft ChemBioOffice Ultra 2010 (HKLM-x32\...\{D06EF6C2-62D8-4308-897E-B20FE81712B4}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0 (HKLM-x32\...\{5C2F3077-DBF4-4931-8186-26A6161B29C3}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemScript 12.0 (HKLM-x32\...\{E145D9BE-D521-4527-A85D-2B2D47725506}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemScript 13.0 (HKLM-x32\...\{B5E0CD7D-992D-4345-BD66-EC580CFA15D1}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft Desktop Inventory 12.0 (HKLM-x32\...\{8C363CB9-9F31-4349-8491-762C42D3FDFB}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ENotebook 12.02 (HKLM-x32\...\{F596E368-2A1D-4896-AB37-C81BFA4DD011}) (Version: 12.0.2 - CambridgeSoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
ChemAxon Marvin Beans 14.11.17.0 (HKLM-x32\...\ChemAxon Marvin Beans 14.11.17.0) (Version:  - ChemAxon)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Europa Universalis IV Wealth of Nations (HKLM-x32\...\Europa Universalis IV Wealth of Nations_is1) (Version:  - )
Fast Free Converter (HKLM-x32\...\Fast Free Converter) (Version: 4.1 - Fast Free Converter) <==== ATTENTION!
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.178 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.178 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
JChem .NET API 14.11.1700.408 (HKLM-x32\...\{E1534075-A48C-46BB-B683-357744134BC2}) (Version: 14.11.1700 - ChemAxon)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5450.10 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mixlr version 2.3.5 (HKLM-x32\...\{F021F776-6BD4-4301-985D-0C1D27EEC8ED}_is1) (Version: 2.3.5 - Mixlr, Ltd.)
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.01.03 - )
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SofTest v11 (HKLM-x32\...\InstallShield_{BFDA0637-08A1-4B56-8F99-01CAA7DDAC87}) (Version: 11.12.20 - Examsoft)
SofTest v11 (x32 Version: 11.12.20 - Examsoft) Hidden
STATISTICA 8.0.725.0 CS (HKLM-x32\...\{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}) (Version: 8.0.725.0 - StatSoft, Inc.)
STATISTICA CambridgeSoft Integration (HKLM-x32\...\{A1E1083D-249D-483C-AD92-CDCFA230A4C7}) (Version: 1.00.0000 - StatSoft, Inc.)
STATNOVAPDF (novaPDF Professional Server 5.4  printer) (HKLM\...\STATNOVAPDF_is1) (Version:  - Softland)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0030 - Lenovo)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.13 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.13 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.18.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0016 - REALTEK Semiconductor Corp.)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.61 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
VH Dissector Pro (HKLM-x32\...\{0db8ab09-4370-48db-93b8-daf1ce0567b6}) (Version: 5.2.30 - Touch of Life Technologies, Inc.)
VH Dissector Pro (x32 Version: 5.2.30 - Touch of Life Technologies, Inc.) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0) (HKLM\...\D458D719D6B055DC5E3DF88140ADE887B29FB396) (Version: 12/10/2009 11.5.10.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-12-2014 19:00:42 Windows Backup
18-12-2014 03:00:15 Windows Update
21-12-2014 03:30:15 Windows Update
21-12-2014 19:00:29 Windows Backup
24-12-2014 22:19:22 Windows Update
28-12-2014 02:56:48 Windows Update
28-12-2014 19:00:38 Windows Backup
29-12-2014 22:20:11 Removed Skype™ 4.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {198F7E71-569C-4BB3-980A-F3B1DBA2A198} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-02-04] (Lenovo Group Limited)
Task: {1A948107-DCCD-4AD2-9151-DC9233E6A182} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {1D35542A-4D86-4DCE-A388-87A5DE0ECA85} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {34F3648B-B41D-4AC7-8DCB-88CA7AA86575} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3FB3C760-3091-4FDA-8124-C8A0F8F367C0} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {61587956-D5FB-494C-8BFC-256A8442CDF8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdlauncher.exe [2009-11-20] (PC-Doctor, Inc.)
Task: {639B05A9-8986-45AF-ACFD-302743C74AB2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28] (PC-Doctor, Inc.)
Task: {6682EB8D-9097-4280-9980-2B810DD5B156} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {69E9E264-B240-433D-B80E-9C9E15AE0506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-30] (Google Inc.)
Task: {9A8E6849-F2D2-4891-9D67-ADC488357036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-30] (Google Inc.)
Task: {AF65B78C-1984-47EA-86A8-C4756D686F5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {C1274AE3-9E6D-4477-9300-BF154C2B51DE} - System32\Tasks\{A6239250-BF88-4EA7-A310-255F19BBCDFA} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {CD7DBDF4-A5CC-4C66-8B9D-AC672F8D6965} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {E8EF36DE-4108-4BEE-849C-8C31FFF31DBB} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {F8E6E464-82DE-4F88-9A43-CDD2AEF19ABE} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdlauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-29 02:45 - 2013-07-29 02:45 - 00193024 _____ () C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
2014-11-15 22:24 - 2014-12-29 23:53 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2010-03-01 14:13 - 2010-03-01 14:13 - 00020480 ____N () C:\Program Files (x86)\Lenovo\Access Connections\ACNewBiosHelper.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-30 01:01 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-30 01:01 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-30 01:02 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-30 01:01 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 00718152 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\libglesv2.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 00126280 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\libegl.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 08537928 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\pdf.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 00353096 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 01732936 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\ffmpegsumo.dll
2014-12-30 00:14 - 2014-12-30 00:14 - 00310088 _____ () C:\Users\John Rieth\AppData\LocalLow\EmieBrowserModeList\Gdpxiqkzohep\njdomqdra\36.0.1985.143\libexif.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:C337006C
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes1\iTunesHelper.exe"
MSCONFIG\startupreg: Message Center Plus => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: SDP => C:\Users\John Rieth\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TPHOTKEY => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2173461512-1696620524-436504095-500 - Administrator - Disabled)
Guest (S-1-5-21-2173461512-1696620524-436504095-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2173461512-1696620524-436504095-1006 - Limited - Enabled)
John Rieth (S-1-5-21-2173461512-1696620524-436504095-1000 - Administrator - Enabled) => C:\Users\John Rieth
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (12/30/2014 00:05:59 AM) (Source: FastFreeConverter) (EventID: 2) (User: )
Description: Can't download info about new versions from: http://www.fastfreeconverter.com/fastfreeconverter/updater/u.php?timestamp=1419915959&app_id=e479590a27a8b17f1c497d37f63a4873&version=5.6&updaterVersion=1.0.4&channel=Somoto2, to local path: C:\Windows\TEMP\FastFreeConverterUpdt_update.txt
 
 
System errors:
=============
Error: (12/30/2014 00:48:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:46:22 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:34:47 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:19:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:17:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.191.1055.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (12/30/2014 00:12:46 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:12:43 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:12:14 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/30/2014 00:11:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: 
%%1056
 
Error: (12/30/2014 00:10:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path43900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path25900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path17900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path43900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path25900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path17900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path43900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path25900
 
Error: (12/30/2014 00:07:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path17900
 
Error: (12/30/2014 00:05:59 AM) (Source: FastFreeConverter) (EventID: 2) (User: )
Description: Can't download info about new versions from: http://www.fastfreeconverter.com/fastfreeconverter/updater/u.php?timestamp=1419915959&app_id=e479590a27a8b17f1c497d37f63a4873&version=5.6&updaterVersion=1.0.4&channel=Somoto2, to local path: C:\Windows\TEMP\FastFreeConverterUpdt_update.txt
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-30 19:47:25.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AQ17.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 21:51:27.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AQ17.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 3891.67 MB
Available physical RAM: 1398.93 MB
Total Pagefile: 7781.52 MB
Available Pagefile: 2735.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:153.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:0 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: A8C4E3D3)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Jrieth

  • Topic Starter


Posted 30 December 2014 - 01:52 AM

The error is located here:

 

AppData\LocalLow\EmieBrowserModeList





