Think Computer Is Infected with Malware! - Blank Black Screen at Startup


16 replies to this topic

#1 acrid


Posted 02 January 2015 - 11:24 AM

Hello,

 

I think my computer is infected with some sort of malware and I am looking for help in resolving the issue. My symptoms are this: My computer was running extremely slow and I feared it was infected so I ran Malwarebytes to see if anything came up and it did. I deleted the infected files and restarted my computer. Then all hell broke loose and now the screen is just black with a cursor in the center. I have tried to see what this means and I can just tell you this: I can log in normally and force run explorer and everything seems to work fine from there, but it won't work on its own. I hope you can help.

 

PS: This is my first post and not too good with computers so go easy on me.  

 

Here is my DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Andrew at 11:17:41 on 2015-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16267.10768 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\CAM\bin\CAMService.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PaperCut NG Client\pc-client.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Andrew\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Windows\system32\msiexec.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
mStart Page = www.google.com
uProxyOverride = 192.168.*.*;<local>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [X-Rite Legacy Device] C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mRun: [PaperCut NG Client] "C:\Program Files (x86)\PaperCut NG Client\pc-client.exe" /silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORC~2.LNK - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Gamma\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORC~1.LNK - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDI~1.LNK - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\2456C6B696E6F5039303349363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\2656C6B696E6E2530383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\7523C42333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
x64-mStart Page = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [ALCKRESI.EXE] "C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-6-14 29512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-12 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-12 28008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-11-15 30496]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-10-30 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-10-30 931448]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-12-15 23664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [2014-12-13 1586904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20150101.001\IDSviA64.sys [2015-1-1 637656]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-12-29 15472]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-11-15 284448]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-10-30 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-10-30 386168]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-7-20 599944]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 772064]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-2-7 31192]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 CAMService;CAM Service;C:\Program Files\Intel\CAM\bin\CAMService.exe [2014-8-12 1243344]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-6-14 198784]
R2 i1 Display Service;X-Rite Device i1 Display;C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [2011-7-15 163328]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2013-1-11 213440]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-1-12 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-1-2 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-1-12 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-14 86016]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-3-25 223088]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-1-31 132056]
R2 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-6-14 1668896]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-1-12 1664800]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-6-14 98816]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-9-17 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-9-17 157776]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [2011-10-30 137224]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2014-1-12 446800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-28 383776]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2015-1-2 125424]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2015-1-2 125488]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-14 2595832]
R2 WDDMService.exe;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-8-17 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-12 628040]
R2 xritedeviced;X-Rite Device Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [2011-6-14 142848]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-8-18 3817168]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2014-1-12 166016]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-12-2 45296]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-6-14 425000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-6-14 39464]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-1-15 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-21 110336]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-6-14 319536]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-30 1357104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2015-1-2 619776]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-12-3 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-8-18 265936]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-6-14 31152]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-30 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-21 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 380064]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2015-01-02 08:54:25 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-02 06:58:38 -------- d-----w- C:\Windows\pss
2015-01-02 06:22:28 0 ----a-w- C:\Users\Andrew\.uc-8f873961e18830af221f6f73232aaac7.andrew.andrew-think.tmp
2015-01-02 05:47:34 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3587AC88-9310-4EFC-932A-430F12620D91}\mpengine.dll
2014-12-21 17:34:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-21 07:07:50 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-21 07:07:50 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 00:32:36 11870360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-12-10 02:58:40 -------- d-----w- C:\ProgramData\Nero
2014-12-10 02:22:14 -------- d-----w- C:\Windows\System32\hotspot
2014-12-10 02:21:38 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 01:51:38 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 01:51:38 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 01:51:38 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 01:51:38 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 01:51:38 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 01:51:38 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 01:51:38 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 01:51:38 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 01:51:38 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 01:51:38 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 01:41:58 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 01:36:56 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-10 01:36:56 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-10 01:36:55 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 01:36:55 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 01:36:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 01:36:55 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 01:36:55 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 01:36:55 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 01:36:54 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 01:36:54 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 01:36:26 -------- d-----w- C:\Program Files (x86)\Dell
.
==================== Find3M  ====================
.
2014-12-10 01:34:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 01:34:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 01:47:48 1247904 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-14 10:36:32 84208 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2014-11-14 10:36:32 72432 ----a-w- C:\Windows\System32\ibmpmctl.exe
2014-11-14 10:36:32 60112 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2014-11-14 10:36:32 40176 ----a-w- C:\Windows\System32\tpinspm.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:20:45.75 ===============

Edited by hamluis, 02 January 2015 - 11:31 AM.



 


#2 HelpBot

Posted 07 January 2015 - 11:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561829 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 acrid


Posted 07 January 2015 - 12:01 PM

Hello,

 

Yes, I still do need help. Like I stated above, I ran Malwarebytes because I thought I was having malware issues. Well, when I deleted the infected files I could no longer see my screen once I logged on. I am however able to CTRL, ALT, DLT and force run explorer.exe. This allows me to use the computer the same way as before and it seems to be running more smoothly than before the Malwarebytes. I'm hoping you could help me to get my login issues fixed. I'm not too good with computers and have been using the computer the past few days, so I am going to paste in a new DDS log I ran this morning. I also do not have the original Windows discs. Hope to hear from a team member soon.

 

Best, 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Andrew at 11:44:31 on 2015-01-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16267.10961 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\CAM\bin\CAMService.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PaperCut NG Client\pc-client.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Andrew\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\splwow64.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.EXE
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
mStart Page = www.google.com
uProxyOverride = 192.168.*.*;<local>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [X-Rite Legacy Device] C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mRun: [PaperCut NG Client] "C:\Program Files (x86)\PaperCut NG Client\pc-client.exe" /silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORC~2.LNK - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Gamma\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORC~1.LNK - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDI~1.LNK - C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\2456C6B696E6F5039303349363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\2656C6B696E6E2530383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A0252F53-1B2B-4B29-B8A1-8D6920756CDD}\7523C42333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
x64-mStart Page = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [ALCKRESI.EXE] "C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-6-14 29512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-12 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-12 28008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-11-15 30496]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys [2011-10-30 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys [2011-10-30 931448]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-12-15 23664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [2014-12-13 1586904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20150106.001\IDSviA64.sys [2015-1-7 637656]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-12-29 15472]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-11-15 284448]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys [2011-10-30 171128]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys [2011-10-30 386168]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-7-20 599944]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 772064]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-2-7 31192]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 CAMService;CAM Service;C:\Program Files\Intel\CAM\bin\CAMService.exe [2014-8-12 1243344]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-6-14 198784]
R2 i1 Display Service;X-Rite Device i1 Display;C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [2011-7-15 163328]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2013-1-11 213440]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-1-12 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2015-1-2 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-1-12 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-14 86016]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-3-25 223088]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-1-31 132056]
R2 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-6-14 1668896]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-6-14 98816]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2014-1-12 166016]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-12-2 45296]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-6-14 425000]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-6-14 39464]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-1-15 35840]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-21 110336]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-6-14 319536]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-30 1357104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2015-1-2 619776]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-12-3 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-8-18 265936]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-6-14 31152]
S3 PrintNotify;Printer Extensions and Notifications;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-30 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-21 206080]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [2011-10-30 29664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2015-01-06 12:26:41 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6149B384-CD59-4314-BD42-64674584F238}\offreg.dll
2015-01-06 12:23:12 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6149B384-CD59-4314-BD42-64674584F238}\mpengine.dll
2015-01-03 22:36:37 -------- dc-h--w- C:\ProgramData\{D9F9C87D-6338-4977-AD5C-EE6EE6F6B6EC}
2015-01-03 22:36:31 -------- dc-h--w- C:\ProgramData\{7E8842F4-ECF1-457B-9B22-AA8299B810D9}
2015-01-03 22:36:30 -------- d-----w- C:\Users\Andrew\AppData\Local\PackageAware
2015-01-03 22:36:07 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
2015-01-03 22:36:06 -------- d-----w- C:\Program Files (x86)\Topaz Labs
2015-01-03 22:36:05 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
2015-01-02 08:54:25 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-02 06:58:38 -------- d-----w- C:\Windows\pss
2015-01-02 06:22:28 0 ----a-w- C:\Users\Andrew\.uc-8f873961e18830af221f6f73232aaac7.andrew.andrew-think.tmp
2014-12-21 17:34:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-21 07:07:50 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-21 07:07:50 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 00:32:36 11870360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2014-12-10 02:58:40 -------- d-----w- C:\ProgramData\Nero
2014-12-10 02:22:14 -------- d-----w- C:\Windows\System32\hotspot
2014-12-10 02:21:38 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 01:51:38 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-10 01:51:38 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 01:51:38 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 01:51:38 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 01:51:38 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-10 01:51:38 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-10 01:51:38 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-10 01:51:38 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-10 01:51:38 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-10 01:51:38 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-10 01:41:58 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-10 01:36:56 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-10 01:36:56 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-10 01:36:55 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 01:36:55 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 01:36:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 01:36:55 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 01:36:55 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 01:36:55 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 01:36:54 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 01:36:54 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 01:36:26 -------- d-----w- C:\Program Files (x86)\Dell
.
==================== Find3M  ====================
.
2014-12-10 01:34:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 01:34:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 01:47:48 1247904 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-14 10:36:32 84208 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2014-11-14 10:36:32 72432 ----a-w- C:\Windows\System32\ibmpmctl.exe
2014-11-14 10:36:32 60112 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2014-11-14 10:36:32 40176 ----a-w- C:\Windows\System32\tpinspm.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:46:52.65 ===============


#4 schrauber

  • Malware Response Team

Posted 08 January 2015 - 05:45 AM

Hello, acrid
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.




Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 acrid

  • Topic Starter

Posted 08 January 2015 - 09:10 AM

Hello Tom,

 

Thanks for your help. Just a quick side question. Is it alright that I am using my computer during the fix as long as I am not installing/uninstalling anything or any of the other tasks you stated above?

 

Here is the FRST log.  

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Andrew (administrator) on ANDREW-THINK on 08-01-2015 09:04:06
Running from C:\Users\Andrew\Desktop
Loaded Profile: Andrew (Available profiles: UpdatusUser & Andrew)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Acresso Software Inc.) C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
(Acresso Software Inc.) C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
() C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
() C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\PaperCut NG Client\pc-client.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Autodesk Inc.) C:\Users\Andrew\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63776 2014-07-10] (Lenovo)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [X-Rite Legacy Device] => C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe [105984 2010-09-28] (X-Rite Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [PC Cleaners] => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
HKLM-x32\...\Run: [PaperCut NG Client] => C:\Program Files (x86)\PaperCut NG Client\pc-client.exe [274432 2014-02-04] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [ccApp] => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-11-26] (Autodesk Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-08-26] ()
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Google Update] => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-02] (Google Inc.)
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Facebook Update] => C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [DriverBoost] => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: {56cdc146-96ca-11e0-8bd4-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: {ac47cc95-f012-11e2-8eec-f0def169692e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: {bed787f4-c879-11e0-ba55-f0def169692e} - E:\setup.exe -a
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: {e551086e-78db-11e2-a14c-f0def169692e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\MountPoints2: {e78689fb-3933-11e2-84d4-f0def169692e} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Color Calibrator Gamma.lnk
ShortcutTarget: Color Calibrator Gamma.lnk -> C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Color Calibrator Tray.lnk
ShortcutTarget: Color Calibrator Tray.lnk -> C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKU\S-1-5-21-356921038-4143767964-2174389936-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {0D9BC68D-045C-4F7D-8279-977A155D7516} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0D9BC68D-045C-4F7D-8279-977A155D7516} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {63943CDA-1D10-4E94-99AD-6596E092B0E3} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {63943CDA-1D10-4E94-99AD-6596E092B0E3} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-356921038-4143767964-2174389936-1001 -> 984F220B0480455FBD4FBF7EA1001BE1 URL = http://answers.vt.edu/kb/search/?s=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-356921038-4143767964-2174389936-1001 -> {0D9BC68D-045C-4F7D-8279-977A155D7516} URL = 
SearchScopes: HKU\S-1-5-21-356921038-4143767964-2174389936-1001 -> {63943CDA-1D10-4E94-99AD-6596E092B0E3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-356921038-4143767964-2174389936-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default
FF SelectedSearchEngine: Mysearchdial
FF Keyword.URL: 
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-356921038-4143767964-2174389936-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andrew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-356921038-4143767964-2174389936-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-356921038-4143767964-2174389936-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\searchplugins\bingp.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\Extensions\2020Player_IKEA@2020Technologies.com [2012-08-01]
FF Extension: LavaFox V2-Blue - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\Extensions\djziggy@gmail.com [2012-10-12]
FF Extension: InvisibleHand - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-01-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF [2013-10-07]
FF Extension: No Name - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-14]
CHR Extension: (Black carbon + silver metal) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-11-26] (Autodesk Inc.)
R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [1500424 2008-11-06] (Acresso Software Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-08-12] (Intel® Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-09-10] (Lenovo.)
R2 i1 Display Service; C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [163328 2010-09-28] (X-Rite Inc.) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-03-25] ()
S2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe [6107136 2012-12-13] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132056 2012-07-17] (Symantec Corporation)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675200 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [137224 2011-10-30] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe [2594816 2011-10-30] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WDDMService.exe; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-08-17] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [628040 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [142848 2010-09-28] (X-Rite Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
U3 EraserUtilDrv11411; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [142640 2014-12-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20150107.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150107.020\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150107.020\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-14] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-10-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-10-30] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [29664 2011-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-10-30] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-10-30] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [118768 2012-03-02] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S0 cirli; System32\drivers\trdxpwqk.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]
U3 SPBBCDrv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 09:04 - 2015-01-08 09:05 - 00040541 _____ () C:\Users\Andrew\Desktop\FRST.txt
2015-01-08 09:03 - 2015-01-08 09:04 - 00000000 ____D () C:\FRST
2015-01-08 09:02 - 2015-01-08 09:02 - 02124288 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64 (1).exe
2015-01-08 09:02 - 2015-01-08 09:02 - 02124288 _____ (Farbar) C:\Users\Andrew\Desktop\frst64.exe
2015-01-07 11:47 - 2015-01-07 11:47 - 00022699 _____ () C:\Users\Andrew\Desktop\attach.txt
2015-01-07 11:47 - 2015-01-07 11:46 - 00037725 _____ () C:\Users\Andrew\Desktop\dds.txt
2015-01-05 17:50 - 2015-01-05 17:51 - 21501072 _____ () C:\Users\Andrew\Downloads\Scratched Leather.mat.zip
2015-01-05 17:50 - 2015-01-05 17:50 - 12428111 _____ () C:\Users\Andrew\Downloads\varnished_wood_2.mat.zip
2015-01-05 17:50 - 2015-01-05 17:50 - 12253704 _____ () C:\Users\Andrew\Downloads\varnished_wood.mat.zip
2015-01-05 17:50 - 2015-01-05 17:50 - 03507086 _____ () C:\Users\Andrew\Downloads\Sand.mat.zip
2015-01-05 17:50 - 2015-01-05 17:50 - 00043424 _____ () C:\Users\Andrew\Downloads\Semi-Calm_Lake_Water.mat.zip
2015-01-05 17:50 - 2015-01-05 17:50 - 00010194 _____ () C:\Users\Andrew\Downloads\WavyWater.mat.zip
2015-01-05 17:49 - 2015-01-05 17:50 - 32059058 _____ () C:\Users\Andrew\Downloads\Lis Surface.mat.zip
2015-01-05 17:49 - 2015-01-05 17:50 - 11074784 _____ () C:\Users\Andrew\Downloads\Woods_by_Darren_(Sintra).mat.zip
2015-01-05 17:49 - 2015-01-05 17:50 - 09841035 _____ () C:\Users\Andrew\Downloads\Limburg.mat.zip
2015-01-05 17:49 - 2015-01-05 17:50 - 07092248 _____ () C:\Users\Andrew\Downloads\Ivy_mat_pack -SE- by Samuele_dentex_Rini.mat.zip
2015-01-05 17:49 - 2015-01-05 17:49 - 17838279 _____ () C:\Users\Andrew\Downloads\Lis LR Floors.mat.zip
2015-01-05 17:49 - 2015-01-05 17:49 - 06468917 _____ () C:\Users\Andrew\Downloads\LANDSCAPE.mat.zip
2015-01-05 17:49 - 2015-01-05 17:49 - 05851784 _____ () C:\Users\Andrew\Downloads\Lis Misc.mat.zip
2015-01-05 17:49 - 2015-01-05 17:49 - 03164098 _____ () C:\Users\Andrew\Downloads\new_fabrics_1.mat.zip
2015-01-05 17:49 - 2015-01-05 17:49 - 00872823 _____ () C:\Users\Andrew\Downloads\Asphalt.mat.zip
2015-01-05 17:48 - 2015-01-05 17:50 - 36550549 _____ () C:\Users\Andrew\Downloads\Arroway-Concrete.mat.zip
2015-01-05 17:48 - 2015-01-05 17:49 - 07229369 _____ () C:\Users\Andrew\Downloads\Carbons.mat.zip
2015-01-05 17:47 - 2015-01-05 17:51 - 106538398 _____ () C:\Users\Andrew\Downloads\Arroway Tiles.mat.zip
2015-01-05 17:46 - 2015-01-05 17:48 - 25333137 _____ () C:\Users\Andrew\Downloads\Arroway LR Tiles.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 17568692 _____ () C:\Users\Andrew\Downloads\Bricks_-_Jag.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 04374053 _____ () C:\Users\Andrew\Downloads\New_wood_AA01.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 00999729 _____ () C:\Users\Andrew\Downloads\Metals and Car Paints.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 00322770 _____ () C:\Users\Andrew\Downloads\Metals_Ashikhmin_MLT.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 00300443 _____ () C:\Users\Andrew\Downloads\Basic Plastics.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 00296531 _____ () C:\Users\Andrew\Downloads\Ceramic Tiles.mat.zip
2015-01-05 17:46 - 2015-01-05 17:46 - 00035843 _____ () C:\Users\Andrew\Downloads\Illuminants.mat.zip
2015-01-05 17:45 - 2015-01-05 17:46 - 00216416 _____ () C:\Users\Andrew\Downloads\Basic Glasses.mat.zip
2015-01-05 17:43 - 2015-01-05 17:44 - 19720619 _____ () C:\Users\Andrew\Downloads\HightresSkies.gbl.zip
2015-01-05 17:43 - 2015-01-05 17:43 - 12353348 _____ () C:\Users\Andrew\Downloads\TreelineSkies.gbl.zip
2015-01-05 17:43 - 2015-01-05 17:43 - 04506624 _____ () C:\Users\Andrew\Downloads\Antique_Mirrors.mat.zip
2015-01-05 17:42 - 2015-01-05 17:48 - 136757855 _____ () C:\Users\Andrew\Downloads\HdriSkiesByRayman.zip
2015-01-05 17:42 - 2015-01-05 17:44 - 15423354 _____ () C:\Users\Andrew\Downloads\HDRProbe.gbl.zip
2015-01-05 17:42 - 2015-01-05 17:43 - 12329878 _____ () C:\Users\Andrew\Downloads\CD_Skies.gbl.zip
2015-01-05 17:42 - 2015-01-05 17:43 - 04610422 _____ () C:\Users\Andrew\Downloads\Basic Skies.gbl.zip
2015-01-05 17:19 - 2015-01-05 17:19 - 00054247 _____ () C:\Users\Andrew\Downloads\SU2KT_3_17+.zip
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 __HDC () C:\ProgramData\{D9F9C87D-6338-4977-AD5C-EE6EE6F6B6EC}
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 __HDC () C:\ProgramData\{7E8842F4-ECF1-457B-9B22-AA8299B810D9}
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PackageAware
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 ____D () C:\Program Files\Common Files\Topaz Labs
2015-01-03 17:36 - 2015-01-03 17:36 - 00000000 ____D () C:\Program Files (x86)\Topaz Labs
2015-01-03 17:34 - 2015-01-03 20:00 - 65398928 _____ () C:\Users\Andrew\Downloads\topazadjust5_setup.exe
2015-01-02 11:17 - 2015-01-02 11:17 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2015-01-02 11:14 - 2015-01-02 11:14 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2015-01-02 03:54 - 2015-01-02 03:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-02 03:51 - 2015-01-02 03:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-02 03:46 - 2015-01-02 03:46 - 36904648 _____ (Microsoft Corporation) C:\Users\Andrew\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-02 02:30 - 2015-01-02 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-01-02 01:58 - 2015-01-02 02:06 - 00000000 ____D () C:\Windows\pss
2015-01-02 01:22 - 2015-01-02 01:22 - 00000000 _____ () C:\Users\Andrew\.uc-8f873961e18830af221f6f73232aaac7.andrew.andrew-think.tmp
2014-12-27 09:20 - 2014-12-27 09:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 12:39 - 2014-12-21 12:39 - 00003746 _____ () C:\Windows\System32\Tasks\Andrew1 Merge
2014-12-21 12:39 - 2014-12-21 12:39 - 00003730 _____ () C:\Windows\System32\Tasks\Andrew1
2014-12-21 12:34 - 2014-12-21 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-21 12:34 - 2014-12-21 12:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-21 12:34 - 2014-12-21 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-21 12:34 - 2014-12-21 12:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-21 12:34 - 2014-12-21 12:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 02:07 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 02:07 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 21:58 - 2014-12-09 21:58 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2014-12-09 21:58 - 2014-12-09 21:58 - 00000000 ____D () C:\ProgramData\Nero
2014-12-09 21:58 - 2014-12-09 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Windows\system32\hotspot
2014-12-09 21:21 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 20:51 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 20:51 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 20:51 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-09 20:51 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-09 20:51 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-09 20:51 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-09 20:51 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-09 20:51 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-09 20:51 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-09 20:51 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 20:42 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 20:42 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 20:42 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 20:42 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 20:42 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 20:42 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 20:42 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 20:42 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 20:42 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 20:42 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 20:42 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 20:42 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 20:42 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 20:42 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 20:42 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 20:42 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 20:42 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 20:42 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 20:42 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 20:42 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 20:42 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 20:42 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 20:42 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 20:42 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 20:42 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 20:41 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 20:41 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 20:41 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 20:41 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 20:41 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 20:41 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 20:41 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 20:41 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 20:41 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 20:41 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 20:41 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 20:41 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 20:41 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 20:41 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 20:41 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 20:41 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 20:41 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 20:41 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 20:41 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 20:41 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 20:41 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 20:41 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 20:41 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 20:41 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 20:41 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 20:41 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 20:41 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 20:41 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 20:41 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 20:36 - 2014-12-09 20:56 - 00001170 _____ () C:\Users\Public\Desktop\Dell Display Manager.lnk
2014-12-09 20:36 - 2014-12-09 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-12-09 20:36 - 2014-12-09 20:36 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-12-09 20:36 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 20:36 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 20:36 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 20:36 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 20:36 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 20:36 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 20:36 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 20:36 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 20:36 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 20:36 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 20:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 20:35 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 20:35 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 20:35 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 20:35 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 20:35 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 20:35 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 20:35 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 20:35 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 20:35 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 20:35 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 20:35 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 20:35 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 20:35 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 20:35 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 08:57 - 2011-06-14 16:33 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-01-08 08:42 - 2012-05-02 23:32 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job
2015-01-08 08:34 - 2012-04-08 11:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 08:34 - 2011-08-11 20:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 07:54 - 2012-02-28 12:58 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job
2015-01-08 07:24 - 2011-06-14 16:12 - 01978632 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 07:18 - 2011-07-15 09:36 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27FDAE29-8DAD-4189-ABEB-F6FCF00EB88C}
2015-01-08 04:38 - 2012-09-30 11:35 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Akamai
2015-01-08 02:34 - 2011-08-11 20:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 02:07 - 2011-08-15 20:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2015-01-07 23:16 - 2009-07-13 23:51 - 00177398 _____ () C:\Windows\setupact.log
2015-01-07 20:42 - 2012-05-02 23:32 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job
2015-01-07 16:54 - 2012-02-28 12:58 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job
2015-01-07 10:26 - 2012-10-04 09:26 - 00000432 _____ () C:\Windows\Tasks\pc-dis-upd.job
2015-01-05 04:47 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 04:47 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 11:12 - 2009-07-14 00:13 - 00879990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 11:11 - 2013-12-18 15:28 - 00000000 ___RD () C:\Users\Andrew\Dropbox
2015-01-02 11:11 - 2013-12-18 15:26 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Dropbox
2015-01-02 11:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2015-01-02 11:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 11:03 - 2011-06-14 16:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-02 08:51 - 2013-09-02 15:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-02 08:51 - 2012-10-04 09:31 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-02 08:51 - 2012-09-30 11:47 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Autodesk
2015-01-02 08:51 - 2011-07-15 06:45 - 00000000 ____D () C:\Users\Andrew
2015-01-02 08:51 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-02 08:46 - 2011-06-14 16:31 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-02 08:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-02 05:26 - 2010-11-20 22:47 - 00856142 _____ () C:\Windows\PFRO.log
2015-01-02 04:55 - 2014-01-12 15:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\genienext
2015-01-02 04:55 - 2014-01-12 15:17 - 00000000 ____D () C:\ProgramData\Systweak
2015-01-02 04:55 - 2014-01-12 15:16 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\systweak
2015-01-02 04:55 - 2012-05-12 19:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CRE
2015-01-02 02:54 - 2011-06-14 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-02 02:46 - 2013-09-08 15:45 - 00000000 ____D () C:\Climate5.4
2015-01-02 02:41 - 2011-06-14 16:33 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2015-01-02 02:39 - 2011-06-14 16:33 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-21 12:35 - 2014-01-03 11:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 01:57 - 2013-12-18 15:27 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-21 01:51 - 2011-06-14 16:33 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-21 01:49 - 2012-05-12 10:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-21 01:49 - 2012-05-12 10:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-16 19:22 - 2011-06-14 16:33 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-16 19:20 - 2014-01-16 17:00 - 00002037 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-12-16 19:20 - 2011-09-22 16:53 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-12-16 19:20 - 2011-09-22 16:53 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-12-16 19:20 - 2011-09-22 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-12-16 19:19 - 2012-05-02 23:32 - 00002385 _____ () C:\Users\Andrew\Desktop\Google Chrome.lnk
2014-12-14 03:02 - 2012-05-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 03:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 00:57 - 2014-01-12 15:16 - 00000319 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2014-12-09 21:59 - 2014-08-09 11:53 - 00003512 _____ () C:\Windows\System32\Tasks\Andrew DBAgent 2 0
2014-12-09 21:59 - 2014-08-09 11:52 - 00003524 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-12-09 21:49 - 2013-03-11 13:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 21:45 - 2011-07-15 06:47 - 00186880 _____ () C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 21:28 - 2009-07-13 23:45 - 05164088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 21:21 - 2014-05-03 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-09 21:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-09 21:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 21:18 - 2011-07-15 07:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 21:16 - 2013-02-21 15:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-09 21:10 - 2013-08-17 18:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 20:34 - 2012-04-08 11:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:34 - 2012-04-08 11:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 20:34 - 2012-01-13 13:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\66b4be3c-8638-499e-84e1-95a074e746e2.setup.exe
C:\Users\Andrew\AppData\Local\Temp\AcDeltree.exe
C:\Users\Andrew\AppData\Local\Temp\contentDATs.exe
C:\Users\Andrew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkwlzx.dll
C:\Users\Andrew\AppData\Local\Temp\Execute2App.exe
C:\Users\Andrew\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Andrew\AppData\Local\Temp\GUREC23.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Andrew\AppData\Local\Temp\msvcp90.dll
C:\Users\Andrew\AppData\Local\Temp\msvcr90.dll
C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe
C:\Users\Andrew\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Andrew\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Andrew\AppData\Local\Temp\setup.exe
C:\Users\Andrew\AppData\Local\Temp\Sqlite3.dll
C:\Users\Andrew\AppData\Local\Temp\SUABnRRemoveAll.exe
C:\Users\Andrew\AppData\Local\Temp\topazfusion2_setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:22
 
==================== End Of Log ============================
 
And the Addition log you asked for as well.
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Andrew at 2015-01-08 09:05:36
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Akamai NetSession Interface (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
ArcGIS Desktop 10 (HKLM-x32\...\ArcGIS Desktop 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop 10 (x32 Version: 10.0.2414 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS License Manager 10 (x32 Version: 10.0.2414 - Environmental Systems Research Institute, Inc.) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2015 - English (Version: 20.0.210.0 - Autodesk) Hidden
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD Civil 3D 2013 - English (Version: 10.0.1111.0 - Autodesk) Hidden
AutoCAD Civil 3D 2013 (HKLM\...\AutoCAD Civil 3D 2013) (Version: 10.0.1111.0 - Autodesk)
AutoCAD Civil 3D 2013 (Version: 10.0.1111.0 - Autodesk) Hidden
AutoCAD Civil 3D 2013 64 Bit Object Enabler on AutoCAD 2013 - English - English (United States) (HKLM\...\{24965A1F-E643-4A81-809E-62CEFFDDAD6E}) (Version: 1111.0 - Autodesk, Inc.)
AutoCAD Civil 3D 2013 Language Pack - English (Version: 10.0.1111.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.2.475.0 - Autodesk)
Autodesk 3ds Max 2014 (Version: 16.2.475.0 - Autodesk) Hidden
Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk)
Autodesk 3ds Max 2014 SP2 (HKLM\...\Autodesk 3ds Max 2014 HF1) (Version: 16.2.475.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.66.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 - English SP2 (HKLM\...\AutoCAD 2015 - English SP2) (Version: 20.0.210.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{7B3A3142-5801-48F2-819B-515818EFE696}) (Version: 4.34.2701 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{CCA78313-443C-4674-81B8-88919D137258}) (Version: 2.0.2.0 - Autodesk, Inc.)
Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
Dropbox (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
F/X Server (HKLM-x32\...\{E0D1E371-E66B-467A-A924-C760D4CAA9A5}) (Version: 9.90.0000 - Ecografx, Inc.)
F/X Workstation (HKLM\...\{EEC0760F-4DAB-4785-9ED6-F8BFC33C67A9}) (Version: 10.00.0 - Ecografx, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIS Tutorial 1 - Student Resources (HKLM-x32\...\{46593D89-0601-4811-A5CC-B32F3C88378C}) (Version: 1.00.0000 - ESRI)
Google Chrome (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
MotoHelper 2.0.49 Driver  (HKLM-x32\...\MotoHelper) (Version: 2.0.49 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM\...\{6A9A3ACF-1016-4D96-BA39-7FB78DF090BC}) (Version: 5.1.12 - Oracle Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Server 5.1 (HKLM-x32\...\{3B4516A7-B903-4790-A3EC-541CAC3B5BD4}) (Version: 5.1.67 - Oracle Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
NVIDIA 3D Vision Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PANTONE Color Calibrator 1.0 (HKLM-x32\...\PANTONE Color Calibrator_is1) (Version:  - X-Rite)
PaperCut NG Client 13.3 (HKLM-x32\...\PaperCut NG Client_is1) (Version:  - PaperCut Software International Pty Ltd)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rhinoceros 4.0 SR9 (HKLM-x32\...\{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}) (Version: 4.0.60309 - Robert McNeel & Associates)
RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.11.0 - Lenovo Group Limited)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{19B62EDC-C108-4393-B3F1-8A813096CC8E}) (Version: 12.1.1000.157 - Symantec Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.23 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Update for Zip Opener (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Digital Sites) (Version:  - Update for Zip Opener) <==== ATTENTION
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VTnet 2011 (x32 Version: 1.00.000 - Virginia Tech) Hidden
VT-SEPVersion checks for latest updates of Symantec Endpoint Protection (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\SEPVersion) (Version:  - )
WD SmartWare (HKLM\...\{9BAC619B-B811-4318-8C27-B11DDF3F1719}) (Version: 1.1.0.2 - Western Digital)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.11839 - WinZip Computing, S.L. (WinZip Computing))
X-Rite Device i1Display Service (HKLM-x32\...\{D2A53206-6A9E-4241-B21C-D94140EEF1CE}_is1) (Version: 1.0 - X-Rite Inc.)
X-Rite Device Manager (HKLM-x32\...\{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1) (Version: 1.0 - X-Rite Inc.)
Yontoo Layers Runtime (Drop Down Deals) 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
Zip Opener Packages (HKU\S-1-5-21-356921038-4143767964-2174389936-1001\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356921038-4143767964-2174389936-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andrew\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
06-01-2015 07:22:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {007B55FC-7109-4E39-AC4F-27BB41899E73} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {05664616-CB52-4001-A9E9-8957B1A96D67} - System32\Tasks\Andrew => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {06CAEBBC-FFAA-40A1-B378-31DDFE5BCA61} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {0A2DA9E6-3078-4C4D-B991-EA3AFCA79A5C} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2014-09-13] (Lenovo)
Task: {12C40D94-BF80-48CD-834F-A5F1E138C046} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {1FF0BFF1-40D0-494B-A04E-86006A90362C} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-09] ()
Task: {2BDDFB45-63FD-4030-B2DB-9082B04EB6A1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-07-28] (Synaptics Incorporated)
Task: {303CC85F-A68A-49E4-A727-E0B84D1B27F0} - System32\Tasks\pc-dis-upd => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe <==== ATTENTION
Task: {3C0C62B5-46B6-4E6A-9F3C-714CD2EE7EB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.)
Task: {3CE7D732-FA76-4CEE-BE1F-BADA18A98321} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core => C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {40057D7C-6C16-4B51-82C5-A7D357552961} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {40261A96-1864-499D-9704-111FAD702CA8} - System32\Tasks\Andrew1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {484D0440-FF98-4996-BCEF-B7A9CECED25F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {4873618B-4718-47A6-94FB-120BDC39E824} - System32\Tasks\checknews => Wscript.exe C:\VT-SecureTools\CheckNews.vbs
Task: {4BDD7F65-46C1-4764-A2D9-AEF27AB24C28} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4D8AF6D3-2E16-45C5-9DA4-B489E0BBE55F} - System32\Tasks\AdobeAAMUpdater-1.0-Andrew-THINK-Andrew => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {620580FB-4595-4239-A4D0-0024DD98A0A6} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-09] (PC-Doctor, Inc.)
Task: {69D2EE40-E205-4193-8583-9F2F4F99D3CB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {750A258A-A7F4-4B23-B25B-3DB1D15CD336} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {77EACD57-FF18-4982-86D8-781FF490BB31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {781E6921-FFA9-4463-9F14-D7A4B0967B39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.)
Task: {78278561-4C06-4E6A-A9B4-0494B26E820C} - System32\Tasks\Andrew Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {7D79E03E-6928-432B-A880-82F0EEC23960} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {82FD979C-513A-4DD4-86D8-5136052790F5} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {85D17AFB-7FDC-41E9-A439-CF08E684620E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {88BDD0FF-D576-496E-9311-6CB5C481D3A6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8CC227BC-1600-47A3-B524-8B2EF7CB7D91} - System32\Tasks\sepversion => Wscript.exe C:\VT-SEPVersion\SEPversion.vbs
Task: {900D189A-6FB4-432A-814E-A63CFAFB7402} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {9384DBE5-A8A8-431C-8214-AC61F0980EDD} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {9F569CA2-C3DB-41BD-8340-A94C1B1511A8} - System32\Tasks\DriverBoost-RTMUpdater => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
Task: {A07CEF20-29E0-4A59-9893-CE080698A8AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {A7AD6A8B-4F21-45EC-B561-9D71853F288F} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {AAE2AE08-9E9C-45A6-8790-524D7EBBAEC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {AB72379C-32C6-43FC-A386-F9EA3BDC8E31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {BA23F1C3-50FE-4A31-873C-BA4CF0528DF4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {C1276293-B7CB-4866-A9BB-62EFF4342380} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {C13725F2-CE14-4134-9AC8-F0710C5697E5} - System32\Tasks\Andrew1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {C52818B7-407E-4066-86E1-7F9EC535330F} - System32\Tasks\{F80F9531-FB77-4BF6-AD57-C80597B74ED3} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {C7D33093-0526-43F3-AB8B-8CE95B963F85} - \RegClean Pro No Task File <==== ATTENTION
Task: {CB934536-91C4-4F1D-8F53-B41A80460EDD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {CFD44A20-0C92-497E-9A37-AAAD4B1FFF65} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D0E26E49-C2E1-4804-A6A1-2AAC047F6998} - System32\Tasks\DriverBoost-RTMScan => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
Task: {D63202B7-2D7D-460C-BEF3-C44D2316BC39} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA => C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {D6CA3690-8B2E-4E36-AA1B-8C9F64CC4097} - System32\Tasks\{67A36D1F-F5C8-47AC-8282-22F6768106A2} => pcalua.exe -a C:\Users\Andrew\Downloads\sid_win_viewer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D9CC7AD8-7B80-4C82-931C-EC36A649FA3C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {DE3FA39C-4FAF-455B-9FDB-01CFBAAA6F8B} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {DFFE6A51-B9C0-4FCE-8114-92BEE21050B9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-09] (PC-Doctor, Inc.)
Task: {E35CC732-0642-47E0-88AC-4A66D7AFBE5F} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-09-10] (Lenovo Group Limited)
Task: {EB38272B-27FC-42D3-939C-7843CF780A7A} - System32\Tasks\Andrew DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {F4A06797-996E-4EB3-9903-223FA32DF144} - System32\Tasks\{73DA6D6B-80DA-4733-8333-F386318D0C35} => pcalua.exe -a C:\Users\Andrew\Downloads\Kerkythea-v2.0.19-Windows.exe -d C:\Users\Andrew\Downloads
Task: {F86EA52A-7805-4721-AEAE-14C8A3652223} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {FC0857A0-975B-4DD9-9C38-0941521DBC26} - System32\Tasks\DriverBoost-RTMRules => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
Task: {FFF9E2AE-8D4F-4D05-9C0C-4BEB4B199ED0} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2014-09-13] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job => C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job => C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\pc-dis-upd.job => C:\Program Files (x86)\PC Cleaners\PCCleaners.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-30 17:17 - 2013-10-28 19:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2011-03-25 14:22 - 2011-03-25 14:22 - 00223088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-03-25 14:21 - 2011-03-25 14:21 - 00673648 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-12-13 18:11 - 2012-12-13 18:11 - 06107136 _____ () C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
2011-06-14 16:22 - 2011-03-06 06:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-14 16:21 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-08-15 11:10 - 2012-08-26 18:45 - 01193176 _____ () C:\Users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
2014-02-07 23:49 - 2014-02-07 23:49 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-02-07 23:49 - 2014-02-07 23:49 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-02-07 23:49 - 2014-02-07 23:49 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2014-02-07 23:49 - 2014-02-07 23:49 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2011-06-14 16:27 - 2010-12-16 00:53 - 10383872 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
2011-06-14 16:25 - 2014-09-10 06:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-02-04 20:45 - 2014-02-04 20:44 - 00274432 _____ () C:\Program Files (x86)\PaperCut NG Client\pc-client.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-20 13:25 - 2014-11-26 04:35 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-07-20 13:25 - 2014-11-26 04:35 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-12 18:51 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2014-01-12 18:51 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-14 16:27 - 2010-12-16 00:53 - 00898560 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\libxml2.dll
2011-06-14 16:27 - 2010-12-16 00:53 - 00073728 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\zlib1.dll
2011-06-14 16:27 - 2010-12-16 00:53 - 03449344 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\CxF2_VC90MD_2.1.dll
2011-06-14 16:27 - 2010-12-16 00:54 - 07390720 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtGui4.dll
2011-06-14 16:27 - 2010-12-16 00:54 - 02012160 _____ () C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtCore4.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Andrew\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-02 11:11 - 2015-01-02 11:11 - 00043008 _____ () c:\users\andrew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkwlzx.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Andrew\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Andrew\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Andrew\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-16 19:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 19:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-02-04 20:45 - 2014-02-04 20:44 - 00047616 _____ () C:\Program Files (x86)\PaperCut NG Client\lib\clientjni.dll
2015-01-02 11:09 - 2014-11-26 04:35 - 00104328 _____ () C:\Users\Andrew\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-12-16 19:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 19:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-356921038-4143767964-2174389936-500 - Administrator - Disabled)
Andrew (S-1-5-21-356921038-4143767964-2174389936-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-356921038-4143767964-2174389936-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-356921038-4143767964-2174389936-1009 - Limited - Enabled)
UpdatusUser (S-1-5-21-356921038-4143767964-2174389936-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2015 09:01:57 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Andrew\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/08/2015 04:38:33 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/08/2015 04:38:09 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/08/2015 02:51:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/08/2015 00:33:10 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/08/2015 00:32:47 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/07/2015 08:24:57 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/07/2015 08:24:31 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/07/2015 04:19:21 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/07/2015 04:18:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (01/04/2015 05:32:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {84F66100-FF7C-4FB4-B0C0-02CD7FB668FE}
 
Error: (01/02/2015 11:07:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cirli
 
Error: (01/02/2015 11:07:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (MSSMLBIZ) service terminated with service-specific error %%3417.
 
Error: (01/02/2015 11:03:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: 
%%2
 
Error: (01/02/2015 10:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2015 10:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2015 10:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2015 10:58:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2015 10:58:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2015 10:58:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/08/2015 09:01:57 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Andrew\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (01/08/2015 04:38:33 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/08/2015 04:38:09 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/08/2015 02:51:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\Autodesk\composite2014\python\lib\distutils\command\wininst-8_d.exe
 
Error: (01/08/2015 00:33:10 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/08/2015 00:32:47 AM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/07/2015 08:24:57 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/07/2015 08:24:31 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/07/2015 04:19:21 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/07/2015 04:18:55 PM) (Source: MsiInstaller) (EventID: 11310) (User: Andrew-THINK)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Andrew\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-08 00:33:19.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 23:20:39.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 22:58:22.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 19:34:50.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 17:50:28.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 16:01:05.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 15:26:09.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 15:10:07.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-07 12:12:20.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-06 23:27:20.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2820QM CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 16267.23 MB
Available physical RAM: 11017.73 MB
Total Pagefile: 40671.41 MB
Available Pagefile: 33324.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:448.96 GB) (Free:88.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1273.31 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2D4EB053)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 1A805BA7)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:08 PM

Posted 08 January 2015 - 11:31 AM

Yes, you can use it :).
 
Please uninstall the following:
 
Yontoo Layers Runtime
Zip Opener Packages




Next, download ComboFix. Save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 acrid

acrid
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:08 AM

Posted 08 January 2015 - 03:46 PM

Yup. I uninstalled those 2 programs and was able to run ComboFix. The option about the Recovery Console was not available, however. When it restarted I was able to log in and Windows Explorer opened like before the issues. It is, however, in the Windows 98 theme. One additional thing I hope you can help me with at the end of all this is why Windows doesn't connect to the Windows server and my taskbar looks like Windows 98 and not the new Aero theme. This was the root of the original issue, and I dug and found issues I didn't know were present.

 

Here is the ComboFix log:

 

ComboFix 15-01-08.01 - Andrew 01/08/2015  13:29:47.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16267.11604 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\combofix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\users\Andrew\.uc-8f873961e18830af221f6f73232aaac7.andrew.andrew-think.tmp
c:\users\Public\Documents\~WRL0005.tmp
c:\users\Public\Documents\~WRL2480.tmp
c:\users\Public\Documents\Documents\Documents\~WRL3722.tmp
E:\Autorun.inf
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-08 to 2015-01-08  )))))))))))))))))))))))))))))))
.
.
2015-01-08 14:03 . 2015-01-08 14:06 -------- d-----w- C:\FRST
2015-01-06 12:26 . 2015-01-08 19:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6149B384-CD59-4314-BD42-64674584F238}\offreg.dll
2015-01-06 12:23 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6149B384-CD59-4314-BD42-64674584F238}\mpengine.dll
2015-01-03 22:36 . 2015-01-03 22:36 -------- dc-h--w- c:\programdata\{D9F9C87D-6338-4977-AD5C-EE6EE6F6B6EC}
2015-01-03 22:36 . 2015-01-03 22:36 -------- dc-h--w- c:\programdata\{7E8842F4-ECF1-457B-9B22-AA8299B810D9}
2015-01-03 22:36 . 2015-01-03 22:36 -------- d-----w- c:\users\Andrew\AppData\Local\PackageAware
2015-01-03 22:36 . 2015-01-03 22:36 -------- d-----w- c:\program files\Common Files\Topaz Labs
2015-01-03 22:36 . 2015-01-03 22:36 -------- d-----w- c:\program files (x86)\Topaz Labs
2015-01-03 22:36 . 2015-01-03 22:36 -------- d-----w- c:\program files (x86)\Common Files\Topaz Labs
2015-01-02 08:54 . 2015-01-02 08:54 -------- d-----w- c:\programdata\Malwarebytes
2014-12-21 17:34 . 2014-12-21 17:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-21 17:34 . 2014-12-21 17:33 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-21 07:07 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-21 07:07 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-10 02:58 . 2014-12-10 02:58 -------- d-----w- c:\programdata\Nero
2014-12-10 02:22 . 2014-12-10 02:22 -------- d-----w- c:\windows\system32\hotspot
2014-12-10 02:21 . 2014-12-10 02:21 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 01:51 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 01:51 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 01:51 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 01:51 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 01:51 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 01:51 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 01:51 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-10 01:51 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-10 01:51 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-10 01:51 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-10 01:41 . 2014-11-22 02:50 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-12-10 01:36 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 01:36 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 01:36 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 01:36 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 01:36 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 01:36 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 01:36 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 01:36 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 01:36 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 01:36 . 2014-12-10 01:36 -------- d-----w- c:\program files (x86)\Dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 01:34 . 2012-04-08 16:51 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 01:34 . 2012-01-13 18:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-27 21:40 . 2012-05-04 15:44 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-24 19:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-19 01:47 . 2014-11-19 01:47 1247904 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-14 10:36 . 2014-11-14 10:36 84208 ----a-w- c:\windows\system32\ibmpmsvc.exe
2014-11-14 10:36 . 2014-11-14 10:36 72432 ----a-w- c:\windows\system32\ibmpmctl.exe
2014-11-14 10:36 . 2014-11-14 10:36 60112 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2014-11-14 10:36 . 2014-11-14 10:36 40176 ----a-w- c:\windows\system32\tpinspm.dll
2014-11-11 03:08 . 2014-11-19 02:04 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 02:04 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 02:04 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 02:04 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 10:20 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 10:20 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 10:20 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 10:20 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 10:20 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 10:20 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 10:20 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 10:20 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 10:20 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 10:20 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 10:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 10:20 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 10:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 10:20 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 10:20 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 22:16 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 22:16 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 22:16 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-09-17 127080]
"Spotify Web Helper"="c:\users\Andrew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-26 1193176]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336]
"Akamai NetSession Interface"="c:\users\Andrew\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"X-Rite Legacy Device"="c:\program files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe" [2010-09-28 105984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-09-10 6363424]
"PaperCut NG Client"="c:\program files (x86)\PaperCut NG Client\pc-client.exe" [2014-02-05 274432]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-01-18 113656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-09-17 1518664]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-11-26 493960]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-12-03 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-12-03 840592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Color Calibrator Gamma.lnk - c:\program files (x86)\X-Rite\PANTONE Color Calibrator\Gamma\CalibrationLoader.exe [2011-6-14 802816]
Color Calibrator Tray.lnk - c:\program files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe [2011-6-14 10383872]
Dell Display Manager.lnk - c:\program files (x86)\Dell\Dell Display Manager\ddm.exe [2014-12-9 673472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 cirli;cirli;c:\windows\System32\drivers\trdxpwqk.sys;c:\windows\SYSNATIVE\drivers\trdxpwqk.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;c:\program files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20150107.001\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20150107.001\IDSvia64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CAMService;CAM Service;c:\program files\Intel\CAM\bin\CAMService.exe;c:\program files\Intel\CAM\bin\CAMService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 i1 Display Service;X-Rite Device i1 Display;c:\program files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe;c:\program files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [x]
S2 xritedeviced;X-Rite Device Manager;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe;c:\program files (x86)\X-Rite\Devices\Services\xritedeviced.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 01:34]
.
2015-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job
- c:\users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 20:49]
.
2015-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job
- c:\users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 20:49]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-12 06:21]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-12 06:21]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 04:32]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356921038-4143767964-2174389936-1001UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-03 04:32]
.
2014-12-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
.
2015-01-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 22:19 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 22:19 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 22:19 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2013-04-15 388600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-07-11 63776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: vt.edu\learn
Trusted Zone: vt.edu\scholar
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-DriverBoost - c:\program files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-PC Cleaners - c:\program files (x86)\PC Cleaners\PCCleaners.exe
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
Wow6432Node-HKLM-Run-ccApp - c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Mozilla Firefox 12.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-Digital Sites - c:\users\Andrew\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
.
**************************************************************************
.
Completion time: 2015-01-08  15:32:18 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-08 20:32
.
Pre-Run: 94,197,305,344 bytes free
Post-Run: 109,129,601,024 bytes free
.
- - End Of File - - 9837C5BA7DE7FFBA98587DB59CCB8838


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:08 PM

Posted 08 January 2015 - 05:19 PM

We will address the taskbar when we are finished with the malware removal :)


Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search, then Clean.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 acrid

acrid
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:08 AM

Posted 08 January 2015 - 06:13 PM

So Malwarebytes ran fine, but didn't require a restart. Maybe because it deleted most of the issues before? Then I ran AdwCleaner and here's the log. Still have taskbar issue btw...

 

# AdwCleaner v4.107 - Report created 08/01/2015 at 18:00:31
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andrew - ANDREW-THINK
# Running from : C:\Users\Andrew\Downloads\adwcleaner_4.107 (3).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Andrew\AppData\Local\Conduit
Folder Deleted : C:\Users\Andrew\AppData\Local\genienext
Folder Deleted : C:\Users\Andrew\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Andrew\AppData\Local\PackageAware
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andrew\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\searchplugins\bingp.xml
File Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\nqkf6hcg.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Advanced System Protector
Task Deleted : Advanced System Protector_startup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5B1ACB5D-1787-4261-86FB-E4D30ADC75A3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_130059329278017115", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_1359634298000", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.CurrentServerDate", "18-5-2013");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.DSInstall", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Thu May 16 2013 16:26:08 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Sun May 13 2012 01:36:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.EnableClickToSearchBox", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.EnableSearchHistory", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.EnableSearchSuggest", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 232);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Sun May 13 2012 01:21:57 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Sun May 13 2012 01:21:58 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstServerDate", "13-5-2012");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstTime", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.HPInstall", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.HomePageProtectorEnabled", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.Initialize", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationId", "fft9E21.tmp.exe");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationType", "XPE");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstalledDate", "Sat May 12 2012 20:33:10 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsGrouping", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsInitSetupIni", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsProtectorsInit", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.12.0.8", "Sun May 13 2012 00:33:10 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.12.2.3", "Wed May 30 2012 20:42:04 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.13.0.6", "Mon Jul 16 2012 17:19:42 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.14.1.0", "Mon Aug 27 2012 19:17:46 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.15.1.0", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.LatestVersion", "3.18.0.7");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.Locale", "en");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipShow", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.12.0.8");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SHRINK_TOOLBAR", 1);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchBackToDefaultEngine", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchBoxWidth", 100);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "BitTorrentBar Customized Web Search");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabUserEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchProtectorEnabled", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1368778344");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Thu May 16 2013 16:26:05 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.UserID", "UN05192937373302631");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ValidationData_Search", 2);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.ValidationData_Toolbar", 0);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherPollDate", "Fri May 17 2013 19:27:52 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherUnit", "F");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.approveUntrustedApps", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.autoDisableScopes", -1);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666507B707360496254534E54675[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b-0?3g>d", "676D3C3E6A6D43737A7244484520477E7B2025224F534F2A5255292A552D5A292E5B2A61");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b-0?3g@6:5;", "");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A2326292C31323334353A455F67566B5D67566F596B5F5F6A6567553E72786E687760");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b5ba==9cjag", "3B6D3F3C703F6E707A70707472784848777B4D797A");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6A6B717274706F73777B");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b9643g3/9e", "6A");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b<:222h64<", "393F352F3E");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b<:222h64<l8daj", "6D70706F7674707976722A797572797E757C7E");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b=+03eh8h8j?:", "4443");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9b?b0d:8aj62<h", "6D");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.cbcountry_000", "5553");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.cbfirsttime", "536174204D617920313220323031322032303A33333A313620474D542D3034303020284561737465726E204461796C696768742054696D6529");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appstate_pricegong", "6F6E");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_appstatereporttime", "31333638383333323737383530");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E67222C22637269746572696173223A5B7B2263726974657269614964223A22323235643434[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_currentversion", "312E342E342E36");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_first_time", "31");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_lastlogintime", "31333638383333323734303737");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223231355F2D31222C22697354657374[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_showclosebutton", "74727565");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.mam_gk_userid", "33383533326465622D623665642D343436612D626632372D393738666565613534313330");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.pg_enable", "74727565");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.searchappstate", "33");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.searchapptracking", "73656E74");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.sf_just_installed", "46414C5345");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.sf_status", "454E41424C4544");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.sf_user_id", "6369645F31363532303133313632373633343339343632");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F3F7265663D746E5F746E6D6E3A3A3A636C69636B68616E646C65723A3A3A313333363838363338333738392C2C2C68747[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.componentAlertEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.1000034", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.1000234", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129309565073350181", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129309577647413174", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129309578575850709", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129313977501788460", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129526968991422666", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129633547190125290", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129791371079091292", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.components.129820989550310799", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Thu May 16 2013 16:26:08 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.initDone", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.isAppTrackingManagerOn", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.isSearchProtectorNotifyChanges", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.navigateToUrlOnSearch", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.oldAppsList", "129298377186075601,129298377186388102,1000234,129791371079091292,1000034,129526968991422666,129309578575850709,129313977501788460,129309577647413174,129309565073350[...]
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.revertSettingsEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.testingCtid", "");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Fri May 17 2013 19:27:51 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Thu May 16 2013 16:26:08 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.usageEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.usagesFlag", 2);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "BitTorrentBar Customized Web Search");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"e4169bc3061678a88aa7c26b565f6fc33\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1361459328\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2790392", "C5ZJe6gL80JBW5CuLy+wkg==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2790392", "mfQ70fvlD2zuBxSBj8rQqA==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2790392", "k9un27OkAvkwB2ZmvXxTnA==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2790392", "FqddrIU7eyJgaaLyHDeVMQ==");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"6341c50648fd59897cde84cfa3927631\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b382247af9bfb94111de7928f312ff02\"");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andrew\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\nqkf6hcg.default\\conduitCommon\\modules\\3.15.1.0");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "8c7970e8-148b-41f4-8822-41c0f4ea42a7");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 16 2013 16:26:10 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri May 17 2013 19:27:52 GMT-0400 (Eastern Daylight Time)");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "b0052d90-9eeb-4876-9168-d65370d3e5a6");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[nqkf6hcg.default\prefs.js] - Line Deleted : user_pref("CT2790392.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [39976 octets] - [08/01/2015 17:56:32]
AdwCleaner[S0].txt - [42610 octets] - [08/01/2015 18:00:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42671 octets] ##########


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:08 PM

Posted 09 January 2015 - 03:04 AM

For the taskbar:

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.



Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.



Go to Step 5 and under "System Restore" click on Create button.


Go to Start Repairs tab and click the Start button.



Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.



After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 acrid

acrid
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:08 AM

Posted 09 January 2015 - 01:07 PM

That took a while, but I was able to run it all. Upon the final restart I'm still having the same sidebar/taskbar issues.

 

Here is the Windows Repair Log

 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ANDREW-THINK
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Andrew
Current Profile SID: S-1-5-21-356921038-4143767964-2174389936-1001
Current Profile Classes: S-1-5-21-356921038-4143767964-2174389936-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Andrew\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:01
 
Process Count: 149
Commit Total: 3.31 GB
Commit Limit: 39.72 GB
Commit Peak: 3.41 GB
Handle Count: 80109
Kernel Total: 742.89 MB
Kernel Paged: 581.20 MB
Kernel Non Paged: 161.69 MB
System Cache: 2.18 GB
Thread Count: 1726
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.89 GB
Memory Used: 3.31 GB(20.8046%)
Memory Avail.: 12.58 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.89 GB
Memory Used: 2.77 GB(17.414%)
Memory Avail.: 13.12 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/9/2015 12:25:59 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 352
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/9/2015 12:26:02 PM)
   Running Repair Under Current User Account
   Done (1/9/2015 12:26:23 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/9/2015 12:26:23 PM)
   Running Repair Under System Account
   Done (1/9/2015 12:34:26 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/9/2015 12:34:26 PM)
   Running Repair Under System Account
   Done (1/9/2015 12:37:23 PM)
 
03 - Reset Service Permissions
   Start (1/9/2015 12:37:23 PM)
   Running Repair Under System Account
   Done (1/9/2015 12:37:50 PM)
 
04 - Register System Files
   Start (1/9/2015 12:37:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:38:37 PM)
 
05 - Repair WMI
   Start (1/9/2015 12:38:37 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Symantec Endpoint Protection Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Symantec Endpoint Protection Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (1/9/2015 12:46:35 PM)
 
06 - Repair Windows Firewall
   Start (1/9/2015 12:46:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:47:11 PM)
 
07 - Repair Internet Explorer
   Start (1/9/2015 12:47:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:47:54 PM)
 
08 - Repair MDAC/MS Jet
   Start (1/9/2015 12:47:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:48:06 PM)
 
09 - Repair Hosts File
   Start (1/9/2015 12:48:06 PM)
   Running Repair Under System Account
   Done (1/9/2015 12:48:07 PM)
 
10 - Remove Policies Set By Infections
   Start (1/9/2015 12:48:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:48:10 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (1/9/2015 12:48:10 PM)
   Running Repair Under System Account
   Done (1/9/2015 12:48:11 PM)
 
12 - Repair Icons
   Start (1/9/2015 12:48:11 PM)
   Running Repair Under Current User Account
   Done (1/9/2015 12:48:12 PM)
 
13 - Repair Winsock & DNS Cache
   Start (1/9/2015 12:48:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:48:30 PM)
 
15 - Repair Proxy Settings
   Start (1/9/2015 12:48:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:48:32 PM)
 
17 - Repair Windows Updates
   Start (1/9/2015 12:48:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/9/2015 12:49:00 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (1/9/2015 12:49:00 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (1/9/2015 12:49:00 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (1/9/2015 12:49:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:27 PM)
 
21 - Repair MSI (Windows Installer)
   Start (1/9/2015 12:49:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:39 PM)
 
23.01 - Repair bat Association
   Start (1/9/2015 12:49:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:42 PM)
 
23.02 - Repair cmd Association
   Start (1/9/2015 12:49:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:44 PM)
 
23.03 - Repair com Association
   Start (1/9/2015 12:49:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:46 PM)
 
23.04 - Repair Directory Association
   Start (1/9/2015 12:49:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:48 PM)
 
23.05 - Repair Drive Association
   Start (1/9/2015 12:49:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:50 PM)
 
23.06 - Repair exe Association
   Start (1/9/2015 12:49:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:53 PM)
 
23.07 - Repair Folder Association
   Start (1/9/2015 12:49:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:55 PM)
 
23.08 - Repair inf Association
   Start (1/9/2015 12:49:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:57 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (1/9/2015 12:49:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:49:59 PM)
 
23.10 - Repair msc Association
   Start (1/9/2015 12:49:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:01 PM)
 
23.11 - Repair reg Association
   Start (1/9/2015 12:50:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:03 PM)
 
23.12 - Repair scr Association
   Start (1/9/2015 12:50:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:06 PM)
 
24 - Repair Windows Safe Mode
   Start (1/9/2015 12:50:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:08 PM)
 
25 - Repair Print Spooler
   Start (1/9/2015 12:50:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:23 PM)
 
26 - Restore Important Windows Services
   Start (1/9/2015 12:50:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:33 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/9/2015 12:50:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:41 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (1/9/2015 12:50:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/9/2015 12:50:43 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/9/2015 12:50:43 PM)
   Total Repair Time: 00:24:47
 
 
...YOU MUST RESTART YOUR SYSTEM...


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:08 PM

Posted 09 January 2015 - 03:09 PM

Could you show me a screenshot of your taskbar please? Also, please right-click the taskbar, and make a screenshot too.

Are there any other issues left besides the problem with the taskbar?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 acrid


Posted 09 January 2015 - 03:47 PM

Hello. Yes, this is the only remaining issue. Hope you can fix it. Here are the two screenshots:

[Image: Taskbar+ScreenShot+1.jpg]

[Image: Taskbar+ScreenShot+2.jpg]

 



#14 schrauber


Posted 10 January 2015 - 05:15 AM

Since when do you have the taskbar issue?

https://support.microsoft.com/kb/975676

This will show you how to change the taskbar to classic, please follow these instructions in changed order to get back to the normal taskbar.
regards,
schrauber


#15 acrid


Posted 12 January 2015 - 11:05 AM

Sorry I haven't posted in a few days, I was moving back to university. I have been having the taskbar issue from before all the other issues. I just dealt with it for a long time. A lot of the time, when I would check for Windows updates and then install them, that would send it back to the Aero theme. This however has not happened in some time. The link you posted above does not work. It sends me to a page that says "oops the content must be somewhere else." And when I go into Control Panel -> Appearance and Themes and try to change my theme, all of the themes are greyed out and unselectable except for all the Windows Classic themes.





