Trojan Problem on remote PC


  • This topic is locked
23 replies to this topic

#1 crASHed

crASHed

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:11:26 AM

Posted 27 January 2015 - 04:50 PM

Hello,

 

I live in the US and I've been trying to help my sister in Germany with her infected laptop, remotely.

Their laptop is super slow and there are always all sorts of warnings when they access the internet. One that popped up is: Win32/ELEX.BM and it said that this might be an unwanted application.

Then there is an issue with win32/downloadsponsor.c

 

Their laptop runs Windows 8, btw.

 

So when I tried to install Spybot it said I don't have access to do that. I asked my sister to try to install the program, but she too was told that she doesn't have access to do this. Now, we were in the admin profile. I tried to install another Trojan detector, same result. No access. I am at a loss as to what to do given that I cannot seem to install any detection and removal software.

 

I'd appreciate any advice. Thank you.

 

 




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:26 AM

Posted 28 January 2015 - 09:06 PM

Greetings crASHed and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

While I review our situation please run the below for me. Please note, I am going to give you 2 sets of instructions on how to run Farbar Recovery Scan Tool. Run the second one with the help of your sister only if you are unable to run the first one.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's Recovery Scan Tool in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
===================================================

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
===================================================

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 crASHed

crASHed
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:11:26 AM

Posted 28 January 2015 - 11:41 PM

Hello Gary,

My name is Anna. I will set up to work on my sister's laptop as soon as possible. I might not be able to work on the laptop until this Saturday, due to time differences. I'll post earlier if possible, but expect a reply on Saturday, the latest. I'm most definitely still with you. Thank you for your help.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:26 AM

Posted 29 January 2015 - 09:28 AM

Hi Anna,

 

Thanks for touching base. I realize we are dealing with a different time zone, that is why I posted the second set of instructions as a contingency. We may need to continue to do that so don't feel overwhelmed if I end up posting a lot all at once. I don't want you to have to wait for instructions.

 

See you in a few days.


Gary
 

#5 crASHed

crASHed
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:11:26 AM

Posted 29 January 2015 - 12:05 PM

You're welcome. That sounds like a plan. I just read over your instructions again and I just want to make sure I get this right. I am supposed to do this here first: Farbar Recovery Scan Tool (FRST) and only if this doesn't work, I will try the flash-drive option, correct? And after one of these two options, I'll do the Running Farbar's Recovery Scan Tool in System Recovery instructions, right? Thanks again!



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:26 AM

Posted 29 January 2015 - 03:39 PM

Sorry, it is confusing.
 
The first set of instructions is the way we prefer to run the program. That will give us the most information. I am actually going to give you a third option to try to avoid having to go into the Recovery Environment.  This is how I would like you to do it until it is successful:
 
Run FRST in Normal Mode
Run FRST in Safe Mode  <<< New step
If necessary, run FRST in the Recovery Environment which includes using the USB device (these are not separate steps but all one step)

Hopefully I made this less confusing.
Gary
 

#7 crASHed

crASHed
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:11:26 AM

Posted 29 January 2015 - 05:02 PM

Ok, I get it now and I will do as you suggested. Thanks!



#8 crASHed

crASHed
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:11:26 AM

Posted 31 January 2015 - 03:28 PM

Hello Gary,

 

I wasn't able to run it in the safe mode because the laptop would not enter the safe mode. It kept crashing, same with the recovery console. I hope this information is still somewhat helpful.

 

Here are the logs.

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Thorsten (administrator) on LENOVO-PC on 31-01-2015 21:12:27
Running from C:\Users\Thorsten\Documents
Loaded Profiles: Thorsten (Available profiles: Thorsten)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Superfish, Inc.) C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Pokki) C:\Users\Thorsten\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Pokki) C:\Users\Thorsten\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Thorsten\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Thorsten\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Thorsten\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Lenovo) C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-24] (Synaptics Incorporated)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-11-26] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-11-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-11-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKU\S-1-5-21-680926532-729859700-2259438726-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => "C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" File Not Found
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
HKU\S-1-5-21-680926532-729859700-2259438726-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKU\S-1-5-21-680926532-729859700-2259438726-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
HKU\S-1-5-21-680926532-729859700-2259438726-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-680926532-729859700-2259438726-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680926532-729859700-2259438726-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680926532-729859700-2259438726-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-680926532-729859700-2259438726-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A&q={searchTerms}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A

FireFox:
========
FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421689396&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF user.js: detected! => C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\user.js
FF SearchPlugin: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\searchplugins\omiga-plus.xml
FF Extension: TotalPlusHD-3.1V19.01 - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\6cfae8cc4676442fa78d9dcdf@bd4ea874e76d4af1994ba.com [2015-01-19]
FF Extension: easycopysmokyinkcom - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\easycopy@smokyink.com [2015-01-25]
FF Extension: Fast Start - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\faststartff@gmail.com [2015-01-19]
FF Extension: FF Toolbar - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\fftoolbar2014@etech.com [2015-01-19]
FF Extension: ClickMovie1-Downloaderv10 - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\LPESNIOB27154074@RO39491085.com [2015-01-19]
FF Extension: 8F6A6FD90619459fB9D081DE065D4E21 - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21} [2015-01-24]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\lezkigoa.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-26]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1421689366&from=ild&uid=ST320LT012-1DG14C_W3P83G2AXXXXW3P83G2A

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved

unless listed separately.)

S2 0079581422734299mcinstcleanup; C:\WINDOWS\TEMP\007958~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not

signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-19] (globalUpdate)

[File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-19] (globalUpdate)

[File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee,

Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

[733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS

\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760

2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21]

(LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-11-26] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing)

Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31]

(McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee,

Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee,

Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee,

Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee,

Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee,

Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-11-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-11-26] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-11-26] ()
R2 VisualDiscovery; C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe [1354296 2014-06-21] (Superfish, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-14] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-27] (Realtek Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R2 VDWFP; C:\WINDOWS\system32\Drivers\VDWFP64.sys [39800 2014-05-12] (Superfish, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 

 

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Thorsten at 2015-01-31 21:08:32
Running from C:\Users\Thorsten\Documents
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClickMovie1-Downloaderv10 (HKLM-x32\...\ClickMovie1-Downloaderv10) (Version: 1.36.01.08 - end)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{75F06437-40F4-4A65-BC65-FC194D6B7EBA}) (Version: 8.0.304.4 - ESET, spol s r. o.)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Host App Service (HKU\S-1-5-21-680926532-729859700-2259438726-1001\...\Pokki) (Version: 0.269.5.459 - Pokki)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.0 - Lenovo) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo)
Lenovo Updates (x32 Version: 1.0.0.65 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-680926532-729859700-2259438726-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie2KDownloader (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - Movie2KDownloader.com) <==== ATTENTION
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.806.012214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-680926532-729859700-2259438726-1001\...\Pokki_Start_Menu) (Version: 0.269.5.459 - Pokki)
Superfish Inc. VisualDiscovery (HKLM-x32\...\Superfish Inc. VisualDiscovery) (Version: 1.0.0.1 - Superfish) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TotalPlusHD-3.1V19.01 (HKLM-x32\...\TotalPlusHD-3.1V19.01) (Version: 1.36.01.08 - HDPlus-3.1TotalV19.01) <==== ATTENTION
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-680926532-729859700-2259438726-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

25-01-2015 21:02:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16FDFCD5-2005-4B9C-8B90-C596842F2636} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {1E433C5C-94E0-4DAA-911A-9637176E9086} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate) <==== ATTENTION
Task: {22E02727-500D-425F-AB24-031B592EAF39} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {28886C9E-6282-434B-A9B4-2EC5C70A822C} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {2D288663-4D92-499C-8963-EB74ED5D38FA} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {2E2B36B0-9A4A-4074-8F4B-2571532EA4BE} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-01-17] (Lenovo)
Task: {5820783A-620A-461D-84B7-8625C0612A7B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate) <==== ATTENTION
Task: {582699AC-21C9-4EC6-8170-CCA2940E1386} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {87BF1F2F-77ED-4219-BC37-81BB4F5546FF} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {92FE5CA7-B486-410C-9B7E-95EC5AD69A82} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {AA1C121D-061A-4828-8E05-CD4E0B7AB4ED} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe [2015-01-19] (end) <==== ATTENTION
Task: {B2E96946-C75E-44D3-814A-AAB852DAA7A0} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {BE20A4D7-BA8C-4BD9-A38E-07546BF0E82F} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {C47099DF-7987-43CB-93F4-C0D7CE1583C2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-680926532-729859700-2259438726-1001
Task: {C8252FB4-B488-4963-8D0E-3D44B02F0DF0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D1B30120-7217-47CA-9EBE-49807082804D} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {D3B39ED0-52DD-406E-AAD3-23290810AC52} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
Task: {D4289E4F-D530-447B-ABAE-FA263C7C0477} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {D435C69A-CF0F-451A-87CE-2E549A6145B6} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe [2015-01-19] (end) <==== ATTENTION
Task: {D9BB9125-1388-4BFF-A06C-7E0547B98AA7} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe [2015-01-19] (end) <==== ATTENTION
Task: {EF60D8B3-9ACC-498A-AD69-05C29EF49CA2} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe [2015-01-19] (end) <==== ATTENTION
Task: {F8CB7970-89AB-4D60-A6AB-CBB6B59213BF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {FA64B6DA-AB53-45FF-8D29-4981DD9C478F} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-26 17:00 - 2014-01-22 14:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-11-26 17:47 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-11-26 17:54 - 2014-11-26 17:54 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-11-26 17:54 - 2014-11-26 17:54 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-11-26 16:57 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-03-26 12:50 - 2014-11-26 17:59 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00033536 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\Thorsten\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\Thorsten\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\Thorsten\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\Thorsten\AppData\Local\Pokki\Engine\avformat-54.dll
2014-05-21 18:29 - 2014-05-21 18:29 - 00020736 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
2014-05-21 18:29 - 2014-05-21 18:29 - 00021248 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Thorsten\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-680926532-729859700-2259438726-500 - Administrator - Disabled)
Gast (S-1-5-21-680926532-729859700-2259438726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-680926532-729859700-2259438726-1003 - Limited - Enabled)
Thorsten (S-1-5-21-680926532-729859700-2259438726-1001 - Administrator - Enabled) => C:\Users\Thorsten

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023169. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023169. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 09:02:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 09:02:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 08:56:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 08:52:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 08:52:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/31/2015 08:51:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (01/31/2015 09:03:41 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (01/31/2015 09:02:39 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.431Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4Nicht verfügbarNicht verfügbar

Error: (01/31/2015 09:02:05 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4

Error: (01/31/2015 08:55:57 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (01/31/2015 08:53:38 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/31/2015 08:52:11 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (01/31/2015 08:51:51 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.431Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4Nicht verfügbarNicht verfügbar

Error: (01/31/2015 08:51:30 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4

Error: (01/31/2015 08:47:56 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: Windows.Store

Error: (01/31/2015 08:36:05 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}


Microsoft Office Sessions:
=========================
Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023169

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023169

Error: (01/31/2015 09:03:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/31/2015 09:02:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024865

Error: (01/31/2015 09:02:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/31/2015 08:56:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (01/31/2015 08:52:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/31/2015 08:52:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024865

Error: (01/31/2015 08:51:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 53%
Total physical RAM: 3979.21 MB
Available physical RAM: 1857.18 MB
Total Pagefile: 4683.21 MB
Available Pagefile: 2503.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:257.5 GB) (Free:230.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2FE855EC)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 



#9 Oh My!


Posted 31 January 2015 - 04:06 PM

Greetings Anna,

Thank you for the information and your patience while I reviewed the information. We first need to cut/paste FRST.exe from your Documents folder to your Desktop.

Running from C:\Users\Thorsten\Documents


Please do these things.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

ESET Smart Security 8.0
McAfee Anti-Virus und Anti-Spyware


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => "C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" File Not Found
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
Task: {1E433C5C-94E0-4DAA-911A-9637176E9086} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate)
Task: {28886C9E-6282-434B-A9B4-2EC5C70A822C} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {2D288663-4D92-499C-8963-EB74ED5D38FA} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {5820783A-620A-461D-84B7-8625C0612A7B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate) <==== ATTENTION
Task: {582699AC-21C9-4EC6-8170-CCA2940E1386} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {87BF1F2F-77ED-4219-BC37-81BB4F5546FF} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {92FE5CA7-B486-410C-9B7E-95EC5AD69A82} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {AA1C121D-061A-4828-8E05-CD4E0B7AB4ED} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe [2015-01-19] (end) <==== ATTENTION
Task: {BE20A4D7-BA8C-4BD9-A38E-07546BF0E82F} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {D4289E4F-D530-447B-ABAE-FA263C7C0477} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {D435C69A-CF0F-451A-87CE-2E549A6145B6} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe [2015-01-19] (end) <==== ATTENTION
Task: {D9BB9125-1388-4BFF-A06C-7E0547B98AA7} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe [2015-01-19] (end) <==== ATTENTION
Task: {EF60D8B3-9ACC-498A-AD69-05C29EF49CA2} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe [2015-01-19] (end) <==== ATTENTION
Task: {FA64B6DA-AB53-45FF-8D29-4981DD9C478F} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files (x86)\globalUpdate
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Movie2KDownloader
Superfish Inc. VisualDiscovery
TotalPlusHD-3.1V19.01

  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to uninstall an antivirus program?
  • Fixlog
  • Did the programs uninstall?
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 crASHed


Posted 31 January 2015 - 06:43 PM

Thanks Gary! If possible, I will have another remote session with my sister tomorrow. I will let you know if that's not possible & the potential date of our next session. Thank you, again!



#11 Oh My!


Posted 31 January 2015 - 06:53 PM

No problem. Thanks for the heads up.
You are welcome, again! :)
Gary
 

#12 crASHed


Posted 01 February 2015 - 12:57 PM

Hey Gary,
 
I was able to get all the programs down, including an antivir program. Things seem better and smoother, but I think he had downloaded a toolbar that hijacked the homepage in Firefox and I couldn't find the toolbar to kick it off.
 
Here is what it's called: JS/Toolbar.crossrider.b
 
Thanks again!
Anna
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Thorsten at 2015-02-01 18:38:59 Run:1
Running from C:\Users\Thorsten\Desktop
Loaded Profiles: Thorsten (Available profiles: Thorsten)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => "C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" File Not Found
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
Task: {1E433C5C-94E0-4DAA-911A-9637176E9086} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate)
Task: {28886C9E-6282-434B-A9B4-2EC5C70A822C} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {2D288663-4D92-499C-8963-EB74ED5D38FA} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {5820783A-620A-461D-84B7-8625C0612A7B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-19] (globalUpdate) <==== ATTENTION
Task: {582699AC-21C9-4EC6-8170-CCA2940E1386} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {87BF1F2F-77ED-4219-BC37-81BB4F5546FF} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {92FE5CA7-B486-410C-9B7E-95EC5AD69A82} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {AA1C121D-061A-4828-8E05-CD4E0B7AB4ED} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe [2015-01-19] (end) <==== ATTENTION
Task: {BE20A4D7-BA8C-4BD9-A38E-07546BF0E82F} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe [2015-01-19] (end) <==== ATTENTION
Task: {D4289E4F-D530-447B-ABAE-FA263C7C0477} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: {D435C69A-CF0F-451A-87CE-2E549A6145B6} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe [2015-01-19] (end) <==== ATTENTION
Task: {D9BB9125-1388-4BFF-A06C-7E0547B98AA7} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe [2015-01-19] (end) <==== ATTENTION
Task: {EF60D8B3-9ACC-498A-AD69-05C29EF49CA2} - System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe [2015-01-19] (end) <==== ATTENTION
Task: {FA64B6DA-AB53-45FF-8D29-4981DD9C478F} - System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4 => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe [2015-01-19] (HDPlus-3.1TotalV19.01) <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\86543052-eec1-45e4-9f36-d9ddefff94e7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\TotalPlusHD-3.1V19.01-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V19.01\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files (x86)\globalUpdate
*****************
 
"C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll" => Value Data removed successfully.
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E433C5C-94E0-4DAA-911A-9637176E9086}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E433C5C-94E0-4DAA-911A-9637176E9086}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28886C9E-6282-434B-A9B4-2EC5C70A822C} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D288663-4D92-499C-8963-EB74ED5D38FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D288663-4D92-499C-8963-EB74ED5D38FA}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5820783A-620A-461D-84B7-8625C0612A7B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5820783A-620A-461D-84B7-8625C0612A7B}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{582699AC-21C9-4EC6-8170-CCA2940E1386} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87BF1F2F-77ED-4219-BC37-81BB4F5546FF} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92FE5CA7-B486-410C-9B7E-95EC5AD69A82} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA1C121D-061A-4828-8E05-CD4E0B7AB4ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1C121D-061A-4828-8E05-CD4E0B7AB4ED}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE20A4D7-BA8C-4BD9-A38E-07546BF0E82F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE20A4D7-BA8C-4BD9-A38E-07546BF0E82F}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4289E4F-D530-447B-ABAE-FA263C7C0477} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1 => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D435C69A-CF0F-451A-87CE-2E549A6145B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D435C69A-CF0F-451A-87CE-2E549A6145B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9BB9125-1388-4BFF-A06C-7E0547B98AA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9BB9125-1388-4BFF-A06C-7E0547B98AA7}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF60D8B3-9ACC-498A-AD69-05C29EF49CA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF60D8B3-9ACC-498A-AD69-05C29EF49CA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\86543052-eec1-45e4-9f36-d9ddefff94e7-4" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA64B6DA-AB53-45FF-8D29-4981DD9C478F} => Key not found. 
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4 => Key not found. 
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1.job => Moved successfully.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-10_user.job => Moved successfully.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-2.job => Moved successfully.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-4.job => Moved successfully.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5.job => Moved successfully.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-5_user.job => Moved successfully.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1.job not found.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-10_user.job not found.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-2.job not found.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-4.job not found.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5.job not found.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5_user.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
 
"C:\Program Files (x86)\globalUpdate" directory move:
 
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll => Moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll => Moved successfully.
Could not move "C:\Program Files (x86)\globalUpdate" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 18:43:22)<=
 
C:\Program Files (x86)\globalUpdate => Is moved successfully.
 
==== End of Fixlog 18:43:22 ====
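
Added example (not part of the original posts and not FRST's own code): a Python script that classifies the result lines of a Fixlog like the one above, so a helper can see which fixlist entries were actually removed, which were already absent, and whether anything deferred to reboot was confirmed afterwards. The function names are hypothetical, the sample lines are copied from the Fixlog in this thread, and the line patterns are an assumption inferred from this one log.

```python
import re
from collections import Counter, defaultdict

# Result lines copied from the Fixlog posted in this thread (excerpt).
SAMPLE_FIXLOG = r'''
"C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll" => Value Data removed successfully.
IHProtect Service => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E433C5C-94E0-4DAA-911A-9637176E9086}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28886C9E-6282-434B-A9B4-2EC5C70A822C} => Key not found.
C:\Windows\System32\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-5 not found.
C:\WINDOWS\Tasks\86543052-eec1-45e4-9f36-d9ddefff94e7-1.job => Moved successfully.
C:\WINDOWS\Tasks\af7a56e1-e515-4fb7-8269-cdeab905e1ed-1.job not found.
Could not move "C:\Program Files (x86)\globalUpdate" directory. => Scheduled to move on reboot.
C:\Program Files (x86)\globalUpdate => Is moved successfully.
'''

# Ordered rules: the first pattern that matches decides the outcome.
# Patterns are inferred from the log above (assumption, not an FRST spec).
RULES = [
    ("deferred", re.compile(
        r'^Could not move "(?P<target>.+)" directory\. '
        r'=> Scheduled to move on reboot\.$')),
    ("removed", re.compile(
        r'^"?(?P<target>.+?)"? => (?:Value Data removed|Service deleted|'
        r'Key deleted|Moved|Is moved) successfully\.$')),
    ("not_found", re.compile(r'^"?(?P<target>.+?)"? => Key not found\.$')),
    ("not_found", re.compile(r'^(?P<target>.+) not found\.$')),
]

# Task names in this log share a lowercase GUID-like prefix plus "-<n>".
FAMILY_RE = re.compile(
    r'(?P<fam>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})-\d+')


def parse_fixlog(text):
    """Return a list of (outcome, target) tuples, one per non-empty line."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                results.append((outcome, match.group("target")))
                break
        else:
            # Keep anything unrecognised visible instead of dropping it.
            results.append(("unparsed", line))
    return results


def pending_after_reboot(results):
    """Targets deferred to reboot with no later 'removed' confirmation."""
    pending = []
    for index, (outcome, target) in enumerate(results):
        if outcome != "deferred":
            continue
        confirmed = any(
            later_outcome == "removed" and later_target.lower() == target.lower()
            for later_outcome, later_target in results[index + 1:])
        if not confirmed:
            pending.append(target)
    return pending


def summarize_by_family(results):
    """Count outcomes per task-name prefix; other targets go to 'other'."""
    summary = defaultdict(Counter)
    for outcome, target in results:
        match = FAMILY_RE.search(target)
        summary[match.group("fam") if match else "other"][outcome] += 1
    return dict(summary)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print("Outcomes:", dict(Counter(outcome for outcome, _ in parsed)))
    for family, counts in summarize_by_family(parsed).items():
        print(f"{family}: {dict(counts)}")
    print("Still pending after reboot:", pending_after_reboot(parsed) or "none")
```

Entries reported as not found were already absent when the fix ran, so a fresh scan is what confirms they are gone rather than the Fixlog itself.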


#13 Oh My!


Posted 01 February 2015 - 03:05 PM

Hi Anna,

Thanks for the follow up information. We have some more work to do and I am confident we can rid the computer of the hijack. I am throwing a lot at you in this post so we can get a lot done while you have access to the computer.

Please do these things.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#14 crASHed


Posted 01 February 2015 - 03:22 PM

Gary,

 

Thanks again. I will follow your suggestions, but I don't know if I will get a chance to work on the laptop again before the next weekend. I will update you once I know more.



#15 Oh My!


Posted 01 February 2015 - 03:24 PM

OK thanks for letting me know. I will just assume we won't be touching base until then.
Gary
 



